GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-11-05 22:29:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 931,51GB
Running: gmer.exe; Driver: C:\Users\Natalia\AppData\Local\Temp\pwliqpoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031b9000 45 bytes [43, 4D, 32, 35, 01, 00, 00, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031b902f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1932] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074bb1465 2 bytes [BB, 74]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1932] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074bb14bb 2 bytes [BB, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1056] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074bb1465 2 bytes [BB, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1056] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074bb14bb 2 bytes [BB, 74]
.text ... * 2
.text C:\Users\Natalia\AppData\Roaming\Ciuh\lydac.exe[3892] C:\windows\syswow64\WS2_32.dll!getaddrinfo 00000000768a4296 6 bytes [68, 4E, 29, 42, 00, C3]
.text C:\Users\Natalia\AppData\Roaming\Ciuh\lydac.exe[3892] C:\windows\syswow64\WS2_32.dll!gethostbyname 00000000768b7673 6 bytes [68, DE, 28, 42, 00, C3]
.text C:\Users\Natalia\AppData\Roaming\Ciuh\lydac.exe[3892] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074bb1465 2 bytes [BB, 74]
.text C:\Users\Natalia\AppData\Roaming\Ciuh\lydac.exe[3892] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074bb14bb 2 bytes [BB, 74]
.text ...
* 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007700091c 6 bytes [68, CE, 7D, B2, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007701261d 6 bytes [68, 1B, BC, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c4dd 6 bytes [68, F3, 7E, B2, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077022ad3 6 bytes [68, 61, BC, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077044168 6 bytes [68, A7, BC, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007704e695 6 bytes [68, ED, BC, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075604514 6 bytes [68, 5C, 81, B2, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\kernel32.dll!ExitProcess 00000000756079b0 6 bytes [68, 1B, 81, B2, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007680c532 6 bytes [68, D9, 81, B2, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076842642 6 bytes [68, C2, 81, B2, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetDC 0000000076af72c4 6 bytes [68, 94, DD, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] 
C:\windows\syswow64\USER32.dll!ReleaseDC 0000000076af7446 6 bytes [68, 12, DE, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!TranslateMessage 0000000076af7809 6 bytes [68, C9, C4, B2, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 6 bytes [68, 72, D7, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 6 bytes [68, 9A, D7, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetWindowDC 0000000076af8048 6 bytes [68, D3, DD, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!RegisterClassW 0000000076af8a65 6 bytes [68, 1F, BF, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!RegisterClassExW 0000000076afb17d 6 bytes [68, B9, BF, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!RegisterClassExA 0000000076afdb98 6 bytes [68, 0B, C0, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 6 bytes [68, C2, D7, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!CallWindowProcW 0000000076b00d32 6 bytes [68, 51, BE, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetCursorPos 0000000076b01218 6 bytes [68, A5, D5, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!EndPaint 0000000076b01341 6 bytes [68, F9, DC, B1, 02, C3] .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!BeginPaint 0000000076b01361 6 bytes [68, 89, DC, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetMessagePos 0000000076b02a8d 6 bytes [68, 73, D5, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetCapture 0000000076b02aac 6 bytes [68, D3, D6, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetDCEx 0000000076b03391 6 bytes [68, 39, DD, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!RegisterClassA 0000000076b0434b 6 bytes [68, 6C, BF, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 6 bytes [68, ED, D7, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetUpdateRgn 0000000076b06222 6 bytes [68, E5, DE, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!CallWindowProcA 0000000076b0792f 6 bytes [68, 9A, BE, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!DefFrameProcA 0000000076b07fbb 6 bytes [68, 7C, BD, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!DefMDIChildProcA 0000000076b0810c 6 bytes [68, 0B, BE, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!DefFrameProcW 0000000076b085c1 6 bytes [68, 33, BD, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076b086b4 6 bytes [68, C5, BD, B1, 02, C3] 
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetUpdateRect 0000000076b1d41f 6 bytes [68, 52, DE, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!ReleaseCapture 0000000076b1ed49 6 bytes [68, 83, D6, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!SetCapture 0000000076b1ed56 6 bytes [68, 29, D6, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000076b39854 6 bytes [68, FD, BB, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076b39cfd 6 bytes [68, EC, D5, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000076b39f1d 6 bytes [68, 78, C6, B2, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\USER32.dll!OpenInputDesktop 0000000076b587cb 6 bytes [68, AD, BB, B1, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074bb1465 2 bytes [BB, 74] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074bb14bb 2 bytes [BB, 74] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!InternetCloseHandle 0000000075433c22 6 bytes [68, E4, 26, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075436a17 6 bytes [68, 84, 28, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!HttpSendRequestW 0000000075437646 6 bytes [68, 6A, 24, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075437e28 6 bytes [68, E2, 23, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075448c8d 6 bytes [68, 58, 28, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!InternetReadFile 00000000754490cf 6 bytes [68, 51, 27, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!InternetReadFileExA 000000007545a7a6 6 bytes [68, 7F, 27, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!HttpSendRequestExW 000000007548b867 6 bytes [68, 14, 25, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!HttpEndRequestA 000000007548be5c 6 bytes [68, 4E, 26, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!InternetSetFilePointer 000000007549c204 6 bytes [68, FE, 27, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!HttpEndRequestW 0000000075503381 6 bytes [68, 99, 26, B3, 02, C3] .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!HttpSendRequestExA 000000007550343a 6 bytes [68, B1, 25, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!HttpSendRequestA 000000007550350a 6 bytes [68, BF, 24, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 00000000755037ad 6 bytes [68, 26, 24, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000074db1884 6 bytes [68, 60, 62, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WS2_32.dll!closesocket 00000000768a3918 6 bytes [68, 3D, 2D, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WS2_32.dll!getaddrinfo 00000000768a4296 6 bytes [68, 4E, 29, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WS2_32.dll!WSASend 00000000768a4406 6 bytes [68, 96, 2D, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WS2_32.dll!send 00000000768a6f01 6 bytes [68, 75, 2D, B3, 02, C3] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3216] C:\windows\syswow64\WS2_32.dll!gethostbyname 00000000768b7673 6 bytes [68, DE, 28, B3, 02, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007700091c 4 bytes [68, CE, 7D, 2A] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077000921 1 byte [C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[3836] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007701261d 6 bytes [68, 1B, BC, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c4dd 6 bytes [68, F3, 7E, 2A, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077022ad3 6 bytes [68, 61, BC, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077044168 6 bytes [68, A7, BC, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007704e695 6 bytes [68, ED, BC, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075604514 6 bytes [68, 5C, 81, 2A, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\kernel32.dll!ExitProcess 00000000756079b0 6 bytes [68, 1B, 81, 2A, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetDC 0000000076af72c4 4 bytes [68, 94, DD, 29] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetDC + 5 0000000076af72c9 1 byte [C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!ReleaseDC 0000000076af7446 6 bytes 
[68, 12, DE, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!TranslateMessage 0000000076af7809 6 bytes [68, C9, C4, 2A, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 6 bytes [68, 72, D7, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 6 bytes [68, 9A, D7, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetWindowDC 0000000076af8048 4 bytes [68, D3, DD, 29] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetWindowDC + 5 0000000076af804d 1 byte [C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!RegisterClassW 0000000076af8a65 6 bytes [68, 1F, BF, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!RegisterClassExW 0000000076afb17d 6 bytes [68, B9, BF, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!RegisterClassExA 0000000076afdb98 6 bytes [68, 0B, C0, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 6 bytes [68, C2, D7, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!CallWindowProcW 0000000076b00d32 6 bytes [68, 51, BE, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetCursorPos 0000000076b01218 6 bytes [68, A5, D5, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!EndPaint 0000000076b01341 4 bytes [68, F9, DC, 29] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!EndPaint + 5 0000000076b01346 1 byte [C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!BeginPaint 0000000076b01361 4 bytes [68, 89, DC, 29] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!BeginPaint + 5 0000000076b01366 1 byte [C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetMessagePos 0000000076b02a8d 6 bytes [68, 73, D5, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetCapture 0000000076b02aac 6 bytes [68, D3, D6, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetDCEx 0000000076b03391 4 bytes [68, 39, DD, 29] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetDCEx + 5 0000000076b03396 1 byte [C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible 
Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!RegisterClassA 0000000076b0434b 6 bytes [68, 6C, BF, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 6 bytes [68, ED, D7, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetUpdateRgn 0000000076b06222 6 bytes [68, E5, DE, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!CallWindowProcA 0000000076b0792f 6 bytes [68, 9A, BE, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!DefFrameProcA 0000000076b07fbb 6 bytes [68, 7C, BD, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!DefMDIChildProcA 0000000076b0810c 6 bytes [68, 0B, BE, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!DefFrameProcW 0000000076b085c1 6 bytes [68, 33, BD, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076b086b4 6 bytes [68, C5, BD, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetUpdateRect 0000000076b1d41f 6 bytes [68, 52, DE, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] 
C:\windows\syswow64\USER32.dll!ReleaseCapture 0000000076b1ed49 6 bytes [68, 83, D6, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!SetCapture 0000000076b1ed56 4 bytes [68, 29, D6, 29] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!SetCapture + 5 0000000076b1ed5b 1 byte [C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000076b39854 6 bytes [68, FD, BB, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076b39cfd 6 bytes [68, EC, D5, 29, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000076b39f1d 6 bytes [68, 78, C6, 2A, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!OpenInputDesktop 0000000076b587cb 4 bytes [68, AD, BB, 29] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076b587d0 1 byte [C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007680c532 6 bytes [68, D9, 81, 2A, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076842642 6 bytes [68, C2, 81, 2A, 00, C3] .text C:\Program Files 
(x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000074db1884 6 bytes [68, 60, 62, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WS2_32.dll!closesocket 00000000768a3918 6 bytes [68, 3D, 2D, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WS2_32.dll!getaddrinfo 00000000768a4296 6 bytes [68, 4E, 29, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WS2_32.dll!WSASend 00000000768a4406 6 bytes [68, 96, 2D, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WS2_32.dll!send 00000000768a6f01 6 bytes [68, 75, 2D, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WS2_32.dll!gethostbyname 00000000768b7673 6 bytes [68, DE, 28, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!InternetCloseHandle 0000000075433c22 6 bytes [68, E4, 26, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075436a17 6 bytes [68, 84, 28, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!HttpSendRequestW 0000000075437646 6 bytes [68, 6A, 24, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075437e28 6 bytes [68, E2, 23, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075448c8d 6 bytes [68, 58, 28, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!InternetReadFile 00000000754490cf 6 bytes [68, 51, 27, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!InternetReadFileExA 000000007545a7a6 6 bytes [68, 7F, 27, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!HttpSendRequestExW 000000007548b867 6 bytes [68, 14, 25, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!HttpEndRequestA 000000007548be5c 6 bytes [68, 4E, 26, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!InternetSetFilePointer 000000007549c204 6 bytes [68, FE, 27, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!HttpEndRequestW 0000000075503381 6 bytes [68, 99, 26, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!HttpSendRequestExA 000000007550343a 6 bytes [68, B1, 25, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller 
Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!HttpSendRequestA 000000007550350a 6 bytes [68, BF, 24, 2B, 00, C3] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 00000000755037ad 6 bytes [68, 26, 24, 2B, 00, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007700091c 6 bytes [68, CE, 7D, CC, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007701261d 6 bytes [68, 1B, BC, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c4dd 6 bytes [68, F3, 7E, CC, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077022ad3 6 bytes [68, 61, BC, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077044168 6 bytes [68, A7, BC, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007704e695 6 bytes [68, ED, BC, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075604514 6 bytes [68, 5C, 81, CC, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\kernel32.dll!ExitProcess 00000000756079b0 6 bytes [68, 1B, 81, CC, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetDC 0000000076af72c4 6 bytes [68, 94, DD, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep 
Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!ReleaseDC 0000000076af7446 6 bytes [68, 12, DE, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!TranslateMessage 0000000076af7809 6 bytes [68, C9, C4, CC, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 6 bytes [68, 72, D7, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 6 bytes [68, 9A, D7, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetWindowDC 0000000076af8048 6 bytes [68, D3, DD, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!RegisterClassW 0000000076af8a65 6 bytes [68, 1F, BF, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!RegisterClassExW 0000000076afb17d 6 bytes [68, B9, BF, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!RegisterClassExA 0000000076afdb98 6 bytes [68, 0B, C0, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 6 bytes [68, C2, D7, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!CallWindowProcW 0000000076b00d32 6 bytes [68, 51, BE, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetCursorPos 0000000076b01218 6 bytes [68, A5, D5, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!EndPaint 0000000076b01341 
6 bytes [68, F9, DC, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!BeginPaint 0000000076b01361 6 bytes [68, 89, DC, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetMessagePos 0000000076b02a8d 6 bytes [68, 73, D5, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetCapture 0000000076b02aac 6 bytes [68, D3, D6, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetDCEx 0000000076b03391 6 bytes [68, 39, DD, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!RegisterClassA 0000000076b0434b 6 bytes [68, 6C, BF, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 6 bytes [68, ED, D7, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetUpdateRgn 0000000076b06222 6 bytes [68, E5, DE, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!CallWindowProcA 0000000076b0792f 6 bytes [68, 9A, BE, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!DefFrameProcA 0000000076b07fbb 6 bytes [68, 7C, BD, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!DefMDIChildProcA 0000000076b0810c 6 bytes [68, 0B, BE, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!DefFrameProcW 0000000076b085c1 6 bytes [68, 33, BD, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep 
Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076b086b4 6 bytes [68, C5, BD, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetUpdateRect 0000000076b1d41f 6 bytes [68, 52, DE, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!ReleaseCapture 0000000076b1ed49 6 bytes [68, 83, D6, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!SetCapture 0000000076b1ed56 6 bytes [68, 29, D6, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000076b39854 6 bytes [68, FD, BB, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076b39cfd 6 bytes [68, EC, D5, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000076b39f1d 6 bytes [68, 78, C6, CC, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\USER32.dll!OpenInputDesktop 0000000076b587cb 6 bytes [68, AD, BB, CB, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007680c532 6 bytes [68, D9, 81, CC, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076842642 6 bytes [68, C2, 81, CC, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WS2_32.dll!closesocket 00000000768a3918 6 bytes [68, 3D, 2D, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] 
C:\windows\syswow64\WS2_32.dll!getaddrinfo 00000000768a4296 6 bytes [68, 4E, 29, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WS2_32.dll!WSASend 00000000768a4406 6 bytes [68, 96, 2D, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WS2_32.dll!send 00000000768a6f01 6 bytes [68, 75, 2D, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WS2_32.dll!gethostbyname 00000000768b7673 6 bytes [68, DE, 28, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000074db1884 6 bytes [68, 60, 62, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!InternetCloseHandle 0000000075433c22 6 bytes [68, E4, 26, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075436a17 6 bytes [68, 84, 28, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!HttpSendRequestW 0000000075437646 6 bytes [68, 6A, 24, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075437e28 6 bytes [68, E2, 23, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075448c8d 6 bytes [68, 58, 28, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!InternetReadFile 00000000754490cf 6 bytes [68, 51, 27, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!InternetReadFileExA 
000000007545a7a6 6 bytes [68, 7F, 27, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!HttpSendRequestExW 000000007548b867 6 bytes [68, 14, 25, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!HttpEndRequestA 000000007548be5c 6 bytes [68, 4E, 26, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!InternetSetFilePointer 000000007549c204 6 bytes [68, FE, 27, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!HttpEndRequestW 0000000075503381 6 bytes [68, 99, 26, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!HttpSendRequestExA 000000007550343a 6 bytes [68, B1, 25, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!HttpSendRequestA 000000007550350a 6 bytes [68, BF, 24, CD, 01, C3] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe[4124] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 00000000755037ad 6 bytes [68, 26, 24, CD, 01, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess 000000007700091c 4 bytes [68, CE, 7D, A9] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 0000000077000921 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007701261d 6 bytes [68, 1B, BC, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007701c4dd 6 bytes [68, F3, 7E, A9, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] 
C:\windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077022ad3 6 bytes [68, 61, BC, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077044168 6 bytes [68, A7, BC, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007704e695 6 bytes [68, ED, BC, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000075604514 6 bytes [68, 5C, 81, A9, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\kernel32.dll!ExitProcess 00000000756079b0 6 bytes [68, 1B, 81, A9, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007680c532 6 bytes [68, D9, 81, A9, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076842642 6 bytes [68, C2, 81, A9, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetDC 0000000076af72c4 4 bytes [68, 94, DD, A8] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetDC + 5 0000000076af72c9 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!ReleaseDC 0000000076af7446 6 bytes [68, 12, DE, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!TranslateMessage 0000000076af7809 6 bytes [68, C9, C4, A9, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetMessageW 0000000076af78e2 6 bytes [68, 72, D7, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetMessageA 0000000076af7bd3 6 bytes [68, 9A, D7, A8, 00, C3] .text C:\Program Files 
(x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetWindowDC 0000000076af8048 4 bytes [68, D3, DD, A8] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetWindowDC + 5 0000000076af804d 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!RegisterClassW 0000000076af8a65 6 bytes [68, 1F, BF, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!RegisterClassExW 0000000076afb17d 6 bytes [68, B9, BF, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!RegisterClassExA 0000000076afdb98 6 bytes [68, 0B, C0, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!PeekMessageW 0000000076b005ba 6 bytes [68, C2, D7, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!CallWindowProcW 0000000076b00d32 6 bytes [68, 51, BE, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetCursorPos 0000000076b01218 6 bytes [68, A5, D5, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!EndPaint 0000000076b01341 4 bytes [68, F9, DC, A8] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!EndPaint + 5 0000000076b01346 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!BeginPaint 0000000076b01361 4 bytes [68, 89, DC, A8] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!BeginPaint + 5 0000000076b01366 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetMessagePos 0000000076b02a8d 6 bytes [68, 73, D5, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetCapture 
0000000076b02aac 6 bytes [68, D3, D6, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetDCEx 0000000076b03391 4 bytes [68, 39, DD, A8] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetDCEx + 5 0000000076b03396 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!RegisterClassA 0000000076b0434b 6 bytes [68, 6C, BF, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!PeekMessageA 0000000076b05f74 6 bytes [68, ED, D7, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetUpdateRgn 0000000076b06222 6 bytes [68, E5, DE, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!CallWindowProcA 0000000076b0792f 6 bytes [68, 9A, BE, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!DefFrameProcA 0000000076b07fbb 6 bytes [68, 7C, BD, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!DefMDIChildProcA 0000000076b0810c 6 bytes [68, 0B, BE, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!DefFrameProcW 0000000076b085c1 6 bytes [68, 33, BD, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076b086b4 6 bytes [68, C5, BD, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetUpdateRect 0000000076b1d41f 6 bytes [68, 52, DE, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!ReleaseCapture 0000000076b1ed49 6 bytes [68, 83, D6, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!SetCapture 0000000076b1ed56 4 bytes [68, 
29, D6, A8] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!SetCapture + 5 0000000076b1ed5b 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!SwitchDesktop 0000000076b39854 6 bytes [68, FD, BB, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!SetCursorPos 0000000076b39cfd 6 bytes [68, EC, D5, A8, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!GetClipboardData 0000000076b39f1d 6 bytes [68, 78, C6, A9, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!OpenInputDesktop 0000000076b587cb 4 bytes [68, AD, BB, A8] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076b587d0 1 byte [C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WS2_32.dll!closesocket 00000000768a3918 6 bytes [68, 3D, 2D, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WS2_32.dll!getaddrinfo 00000000768a4296 6 bytes [68, 4E, 29, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WS2_32.dll!WSASend 00000000768a4406 6 bytes [68, 96, 2D, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WS2_32.dll!send 00000000768a6f01 6 bytes [68, 75, 2D, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WS2_32.dll!gethostbyname 00000000768b7673 6 bytes [68, DE, 28, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000074db1884 6 bytes [68, 60, 62, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!InternetCloseHandle 0000000075433c22 6 bytes [68, E4, 26, AA, 00, C3] .text C:\Program Files 
(x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!HttpQueryInfoA 0000000075436a17 6 bytes [68, 84, 28, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!HttpSendRequestW 0000000075437646 6 bytes [68, 6A, 24, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!HttpOpenRequestW 0000000075437e28 6 bytes [68, E2, 23, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000075448c8d 6 bytes [68, 58, 28, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!InternetReadFile 00000000754490cf 6 bytes [68, 51, 27, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!InternetReadFileExA 000000007545a7a6 6 bytes [68, 7F, 27, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!HttpSendRequestExW 000000007548b867 6 bytes [68, 14, 25, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!HttpEndRequestA 000000007548be5c 6 bytes [68, 4E, 26, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!InternetSetFilePointer 000000007549c204 6 bytes [68, FE, 27, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!HttpEndRequestW 0000000075503381 6 bytes [68, 99, 26, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!HttpSendRequestExA 000000007550343a 6 bytes [68, B1, 25, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!HttpSendRequestA 000000007550350a 6 bytes [68, BF, 24, AA, 00, C3] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4244] C:\windows\syswow64\WININET.dll!HttpOpenRequestA 
00000000755037ad 6 bytes [68, 26, 24, AA, 00, C3] .text C:\Program Files\AVAST Software\Avast\avastUi.exe[7144] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007562a2ba 1 byte [62] .text C:\windows\notepad.exe[7372] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076c3eecd 1 byte [62] .text C:\Users\Natalia\Desktop\Tomek\gmer.exe[7340] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007562a2ba 1 byte [62] ---- Services - GMER 2.1 ---- Service C:\windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!! Service C:\windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!! Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\windows\system32\drivers\aswFsBlk.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\windows\system32\drivers\aswRdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \??\C:\windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383684344 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383684344@ Package Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383684344@BootTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383684344@TickTimeout 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383684344@CreationTime 0x41 0x7E 0x91 0xFF ... Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383684344@SetupOperations MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.1383684344","\??\c:\program files\avast software\avast\ashwebsv.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.sum.1383684344","\??\c:\program files\avast software\avast\ashwebsv.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.1383684344","\??\c:\program files\avast software\avast\avastui.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.sum.1383684344","\??\c:\program files\avast software\avast\avastui.exe.sum",TRUE)? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\windows\system32\drivers\aswSnx.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\windows\system32\drivers\aswSP.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 11 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\windows\system32\drivers\aswTdi.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Instaluje i zarz?dza us?ugami antywirusowymi programu avast! na tym komputerze, co obejmuje os?ony dzia?aj?ce w czasie rzeczywistym, kwarantann? oraz harmonogram zada?. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94f54167 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94f54167 (not active ControlSet) ---- EOF - GMER 2.1 ----