Browser Redirect problem help required

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Browser Redirect problem help required I.E Browser Redirect

#1 willie1690

New Member

Group: Members
Posts: 12
Joined: 29-November 11

Posted 30 November 2011 - 03:56 PM

Hi,

I am looking for some help with getting rid of a troublesome browser redirect problem. While using google results page IE often redirects the link when clicked on to Info.com and other similar sites.
I have tried numerous virus scanners..AVG, Mcafee, and also ad removers such as Adaware, Superspy, TDSS killer. I have tried cleaning registries with all sorts of cleaners but it keeps coming back.
I would appreciate if anybody out there can have a look at my logs and provide me with some help in getting rid of this.....

I have attached the logs as requested.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-30 11:20:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
Running: gmer.exe; Driver: C:\Users\Willie\AppData\Local\Temp\pwdiqpod.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8A1DB79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8A1DB738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8A1DB74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8A1DB7DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8A1DB710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8A1DB724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8A1DB7B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8A1DB78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8A1DB776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8A1DB80B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8A1DB7F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8A1DB7C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8A1DB762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82047982 5 Bytes JMP 8A1DB7CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 821E5C11 5 Bytes JMP 8A1DB766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 8220D143 5 Bytes JMP 8A1DB80F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8222C89A 7 Bytes JMP 8A1DB7E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8222CB5D 5 Bytes JMP 8A1DB7F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 822308C8 5 Bytes JMP 8A1DB77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 822362DD 7 Bytes JMP 8A1DB7B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 822384FA 5 Bytes JMP 8A1DB728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 8223CFA8 5 Bytes JMP 8A1DB714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8225E33B 5 Bytes JMP 8A1DB7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 822ADD7F 5 Bytes JMP 8A1DB73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 822ADDCA 7 Bytes JMP 8A1DB750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 822AE883 5 Bytes JMP 8A1DB78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EA0A340, 0x3EE577, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[760] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 001900B5
.text C:\Windows\system32\services.exe[760] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 001900A4
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00190106
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 001900EB
.text C:\Windows\system32\services.exe[760] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00190F8A
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 0019000A
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00190025
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00190093
.text C:\Windows\system32\services.exe[760] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00190058
.text C:\Windows\system32\services.exe[760] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00190FAF
.text C:\Windows\system32\services.exe[760] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00190047
.text C:\Windows\system32\services.exe[760] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00190036
.text C:\Windows\system32\services.exe[760] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00190F79
.text C:\Windows\system32\services.exe[760] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 00190121
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 00190FD4
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00190FE5
.text C:\Windows\system32\services.exe[760] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 001900DA
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 0017005B
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 0017002F
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00170000
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00170040
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 00170F9E
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 00170FD4
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00170FE5
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 00170FB9
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 001A0FBC
.text C:\Windows\system32\services.exe[760] msvcrt.dll!system 7617804B 5 Bytes JMP 001A0FCD
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 001A0022
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_open 7617D106 5 Bytes JMP 001A0000
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 001A003D
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 001A0011
.text C:\Windows\system32\services.exe[760] WS2_32.dll!socket 773236D1 5 Bytes JMP 001B000A
.text C:\Windows\system32\services.exe[760] WININET.dll!InternetOpenA 771BD4AD 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\services.exe[760] WININET.dll!InternetOpenW 771BD80A 5 Bytes JMP 001D0000
.text C:\Windows\system32\services.exe[760] WININET.dll!InternetOpenUrlA 771BFE7B 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\services.exe[760] WININET.dll!InternetOpenUrlW 77209189 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 00130F3D
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 00130F4E
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00130EF6
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 00130F07
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00130F7A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 0013001B
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00130FD4
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00130F5F
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00130F8B
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00130FB9
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00130FA8
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00130040
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 0013006F
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 0013009E
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 0013000A
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00130FEF
.text C:\Windows\system32\lsass.exe[800] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 00130F2C
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 00120F91
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00120FC7
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00120000
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00120FAC
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 0012004E
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 0012002C
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00120011
.text C:\Windows\system32\lsass.exe[800] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 0012003D
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 0014001B
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!system 7617804B 5 Bytes JMP 00140F90
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 00140FBC
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_open 7617D106 5 Bytes JMP 00140000
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 00140FA1
.text C:\Windows\system32\lsass.exe[800] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 00140FE3
.text C:\Windows\system32\lsass.exe[800] WS2_32.dll!socket 773236D1 5 Bytes JMP 00920FEF
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenA 771BD4AD 5 Bytes JMP 0091000A
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenW 771BD80A 5 Bytes JMP 0091001B
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlA 771BFE7B 5 Bytes JMP 00910FE5
.text C:\Windows\system32\lsass.exe[800] WININET.dll!InternetOpenUrlW 77209189 5 Bytes JMP 00910FC0
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 001A0F7C
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 001A0F8D
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 001A0F46
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 001A00DD
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 001A0093
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 001A0FCA
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 001A0FB9
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 001A0F9E
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 001A0076
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 001A004A
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 001A005B
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 001A0025
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 001A00AE
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 001A00F8
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 001A0FDB
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[832] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 001A0F6B
.text C:\Windows\system32\svchost.exe[832] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 001C003D
.text C:\Windows\system32\svchost.exe[832] msvcrt.dll!system 7617804B 5 Bytes JMP 001C0FB2
.text C:\Windows\system32\svchost.exe[832] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 001C0FD7
.text C:\Windows\system32\svchost.exe[832] msvcrt.dll!_open 7617D106 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[832] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 001C0022
.text C:\Windows\system32\svchost.exe[832] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 001C0011
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 00190FA5
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00190FC0
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00190FE5
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00190047
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 00190F94
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 0019001B
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[832] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 0019002C
.text C:\Windows\system32\svchost.exe[832] WS2_32.dll!socket 773236D1 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 00850F66
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 008500AC
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00850F41
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 008500D8
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00850065
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00850FCD
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 0085001E
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00850091
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00850054
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00850FB2
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00850F97
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00850039
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00850080
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 00850F30
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 00850FDE
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00850FEF
.text C:\Windows\system32\svchost.exe[952] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 008500BD
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 008A0036
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!system 7617804B 5 Bytes JMP 008A0011
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 008A0FB5
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_open 7617D106 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 008A0000
.text C:\Windows\system32\svchost.exe[952] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 008A0FD2
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 00840F97
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00840FBC
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00840FEF
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00840039
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 0084004A
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 00840014
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00840FDE
.text C:\Windows\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 00840FCD
.text C:\Windows\system32\svchost.exe[952] WS2_32.dll!socket 773236D1 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 006C00A5
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 006C0F55
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 006C00CA
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 006C0F33
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 006C0F84
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 006C001E
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 006C0FCD
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 006C008A
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 006C005E
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 006C0FA1
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 006C0043
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 006C0FBC
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 006C0079
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 006C00E5
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 006C0FDE
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 006C0FEF
.text C:\Windows\system32\svchost.exe[1032] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 006C0F44
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 006D0FB2
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!system 7617804B 5 Bytes JMP 006D003D
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 006D0FDE
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_open 7617D106 5 Bytes JMP 006D000C
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 006D0FCD
.text C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 006D0FEF
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 006B002F
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 006B0014
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 006B0FE5
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 006B0F97
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 006B0040
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 006B0FB9
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 006B0FD4
.text C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 006B0FA8
.text C:\Windows\system32\svchost.exe[1032] WS2_32.dll!socket 773236D1 5 Bytes JMP 00730000
.text C:\Windows\system32\svchost.exe[1032] WININET.dll!InternetOpenA 771BD4AD 5 Bytes JMP 006E0FEF
.text C:\Windows\system32\svchost.exe[1032] WININET.dll!InternetOpenW 771BD80A 5 Bytes JMP 006E000A
.text C:\Windows\system32\svchost.exe[1032] WININET.dll!InternetOpenUrlA 771BFE7B 5 Bytes JMP 006E0FD4
.text C:\Windows\system32\svchost.exe[1032] WININET.dll!InternetOpenUrlW 77209189 5 Bytes JMP 006E0FC3
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 00750098
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 00750087
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 007500C4
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 007500B3
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00750F92
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00750FE5
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00750036
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00750F66
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00750076
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00750FD4
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00750FC3
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 0075005B
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00750F77
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 007500DF
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 0075001B
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00750000
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 00750F37
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 00760F90
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!system 7617804B 5 Bytes JMP 00760025
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 00760FC6
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_open 7617D106 5 Bytes JMP 00760FE3
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 00760FB5
.text C:\Windows\System32\svchost.exe[1084] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 00760000
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 00730FB2
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 0073002F
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00730FEF
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 0073004A
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 0073006F
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 00730014
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00730FDE
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 00730FC3
.text C:\Windows\System32\svchost.exe[1084] WS2_32.dll!socket 773236D1 5 Bytes JMP 009C0000
.text C:\Windows\System32\svchost.exe[1084] WININET.dll!InternetOpenA 771BD4AD 5 Bytes JMP 008F0FE5
.text C:\Windows\System32\svchost.exe[1084] WININET.dll!InternetOpenW 771BD80A 5 Bytes JMP 008F000A
.text C:\Windows\System32\svchost.exe[1084] WININET.dll!InternetOpenUrlA 771BFE7B 5 Bytes JMP 008F0025
.text C:\Windows\System32\svchost.exe[1084] WININET.dll!InternetOpenUrlW 77209189 5 Bytes JMP 008F0FD4
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 00EA00A2
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 00EA0087
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00EA0F15
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 00EA0F26
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00EA0F77
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00EA0FDB
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00EA0FCA
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00EA0076
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00EA0051
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00EA0F9E
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00EA0040
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00EA0FB9
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00EA0F66
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 00EA00C7
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 00EA0011
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00EA0000
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 00EA0F41
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 00EF0077
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!system 7617804B 5 Bytes JMP 00EF0066
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 00EF0044
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_open 7617D106 5 Bytes JMP 00EF000C
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 00EF0055
.text C:\Windows\System32\svchost.exe[1120] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 00EF001D
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 00E80F8D
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00E80FA8
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00E80FEF
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00E8002F
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 00E8004A
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 00E80014
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00E80FD4
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 00E80FB9
.text C:\Windows\System32\svchost.exe[1120] WS2_32.dll!socket 773236D1 5 Bytes JMP 00F00FEF
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 012B00BD
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 012B0F77
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 012B0F52
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 012B00E9
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 012B0F99
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 012B0FE5
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 012B0FD4
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 012B00A2
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 012B0073
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 012B0051
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 012B0062
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 012B0040
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 012B0F88
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 012B0F37
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 012B001B
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 012B0000
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 012B00D8
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 01340FCF
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!system 7617804B 5 Bytes JMP 0134005A
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 0134002E
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_open 7617D106 5 Bytes JMP 01340000
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 01340049
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 0134001D
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 012A0062
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 012A0FCA
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 012A0FE5
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 012A0047
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 012A0FA5
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 012A001B
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 012A0000
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 012A0036
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 77514B84 5 Bytes JMP 0098000A
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory 775154C4 5 Bytes JMP 00A1000A
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!KiUserExceptionDispatcher 77515BF8 5 Bytes JMP 0096000A
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 00A80F5E
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 00A80F6F
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00A800EB
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 00A800DA
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00A80089
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00A80FEF
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00A80FDE
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00A800A4
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00A80078
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00A8005B
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00A80FB9
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00A80040
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00A80F8A
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 00A80106
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 00A80025
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00A8000A
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 00A800C9
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 00A9005F
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!system 7617804B 5 Bytes JMP 00A90FD4
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 00A90033
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_open 7617D106 5 Bytes JMP 00A90FEF
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 00A90044
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 00A9000C
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 00A70F9E
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00A70FCA
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00A70000
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00A70FB9
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 00A70F8D
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 00A7001B
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00A70FDB
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 00A70036
.text C:\Windows\system32\svchost.exe[1136] WS2_32.dll!socket 773236D1 5 Bytes JMP 01310FEF
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenA 771BD4AD 5 Bytes JMP 00AA000A
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenW 771BD80A 5 Bytes JMP 00AA001B
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenUrlA 771BFE7B 5 Bytes JMP 00AA0036
.text C:\Windows\system32\svchost.exe[1136] WININET.dll!InternetOpenUrlW 77209189 5 Bytes JMP 00AA0051
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 00950087
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 00950F41
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00950EFA
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 00950F15
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 0095006C
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00950FD4
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00950025
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00950F5C
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00950F92
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00950040
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 0095005B
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00950FB9
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00950F6D
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 00950EDF
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 0095000A
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[1268] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 00950F26
.text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 00960F86
.text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!system 7617804B 5 Bytes JMP 00960FAB
.text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 00960FCD
.text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_open 7617D106 5 Bytes JMP 00960FEF
.text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 00960FBC
.text C:\Windows\system32\svchost.exe[1268] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 00960FDE
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 0018005B
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00180040
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00180FEF
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00180FAF
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 0018006C
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 00180FD4
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00180014
.text C:\Windows\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 00180025
.text C:\Windows\system32\svchost.exe[1268] WS2_32.dll!socket 773236D1 5 Bytes JMP 0098000A
.text C:\Windows\system32\svchost.exe[1268] WinInet.dll!InternetOpenA 771BD4AD 5 Bytes JMP 00970FE5
.text C:\Windows\system32\svchost.exe[1268] WinInet.dll!InternetOpenW 771BD80A 5 Bytes JMP 00970000
.text C:\Windows\system32\svchost.exe[1268] WinInet.dll!InternetOpenUrlA 771BFE7B 5 Bytes JMP 00970011
.text C:\Windows\system32\svchost.exe[1268] WinInet.dll!InternetOpenUrlW 77209189 5 Bytes JMP 0097002C
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 009100EB
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 009100D0
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00910F5E
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 00910F6F
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 0091009A
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00910025
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00910040
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 009100BF
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00910FC0
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00910062
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 0091007D
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00910051
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00910FAF
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 00910F4D
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[1452] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 00910F8A
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 00920053
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!system 7617804B 5 Bytes JMP 00920038
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 0092001D
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_open 7617D106 5 Bytes JMP 0092000C
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 00920FC8
.text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 008C0F68
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 008C0F94
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 008C0FE5
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 008C0F83
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 008C0F57
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 008C0FB9
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 008C0FD4
.text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 008C0000
.text C:\Windows\system32\svchost.exe[1452] WS2_32.dll!socket 773236D1 5 Bytes JMP 00980000
.text C:\Windows\system32\svchost.exe[1452] WININET.dll!InternetOpenA 771BD4AD 5 Bytes JMP 00970FEF
.text C:\Windows\system32\svchost.exe[1452] WININET.dll!InternetOpenW 771BD80A 5 Bytes JMP 00970FD4
.text C:\Windows\system32\svchost.exe[1452] WININET.dll!InternetOpenUrlA 771BFE7B 5 Bytes JMP 00970FB9
.text C:\Windows\system32\svchost.exe[1452] WININET.dll!InternetOpenUrlW 77209189 5 Bytes JMP 00970FA8
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 00AD0098
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 00AD0073
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00AD0F15
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 00AD0F26
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00AD0051
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00AD0025
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00AD0FD4
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00AD0F52
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00AD0F83
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00AD0FA8
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00AD0040
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00AD0FC3
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00AD0062
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 00AD00C7
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 00AD0014
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00AD0FEF
.text C:\Windows\System32\svchost.exe[1480] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 00AD0F37
.text C:\Windows\System32\svchost.exe[1480] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 00AE0031
.text C:\Windows\System32\svchost.exe[1480] msvcrt.dll!system 7617804B 5 Bytes JMP 00AE0FA6
.text C:\Windows\System32\svchost.exe[1480] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 00AE0FC1
.text C:\Windows\System32\svchost.exe[1480] msvcrt.dll!_open 7617D106 5 Bytes JMP 00AE0FEF
.text C:\Windows\System32\svchost.exe[1480] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 00AE0016
.text C:\Windows\System32\svchost.exe[1480] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 00AE0FD2
.text C:\Windows\System32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 00AB0F8D
.text C:\Windows\System32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00AB0FA8
.text C:\Windows\System32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00AB0000
.text C:\Windows\System32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00AB002F
.text C:\Windows\System32\svchost.exe[1480] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 00AB0040
.text C:\Windows\System32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 00AB0FD4
.text C:\Windows\System32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00AB0FEF
.text C:\Windows\System32\svchost.exe[1480] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 00AB0FB9
.text C:\Windows\System32\svchost.exe[1480] WS2_32.dll!socket 773236D1 5 Bytes JMP 00C10000
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 000100BB
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 00010F6B
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00010F50
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 000100E7
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00010FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00010025
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00010040
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00010F7C
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00010076
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00010FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00010065
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00010FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00010F97
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 000100F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 00010FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 0001000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 000100CC
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 00050FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00050FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00050FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00050054
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 00050065
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 00050FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 0005000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 0005002F
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!DialogBoxParamW 772B10B0 5 Bytes JMP 6991C00F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!DialogBoxIndirectParamW 772B2EF5 5 Bytes JMP 69A5BC22 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!DialogBoxParamA 772C8152 5 Bytes JMP 69A5BBE7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!DialogBoxIndirectParamA 772C847D 5 Bytes JMP 69A5BC5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!MessageBoxIndirectA 772DD4D9 5 Bytes JMP 69A5BBA3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!MessageBoxIndirectW 772DD5D3 5 Bytes JMP 69A5BB5F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!MessageBoxExA 772DD639 5 Bytes JMP 69A5BB25 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] USER32.dll!MessageBoxExW 772DD65D 5 Bytes JMP 69A5BAEB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 00060025
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] msvcrt.dll!system 7617804B 5 Bytes JMP 00060F9A
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 00060FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] msvcrt.dll!_open 7617D106 5 Bytes JMP 00060000
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 00060FAB
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 00060FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] SHELL32.dll!SHRestricted + D95 767089A8 4 Bytes [99, 0B, F3, 69]
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] SHELL32.dll!SHRestricted + D9D 767089B0 8 Bytes [A7, 0A, F3, 69, A4, 32, F2, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] ole32.dll!OleLoadFromStream 76271E80 5 Bytes JMP 69A5BE1F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!socket 773236D1 5 Bytes JMP 0008000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] WININET.dll!HttpOpenRequestA 771AFBBC 5 Bytes JMP 67BF4690 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] WININET.dll!InternetConnectA 771B0692 5 Bytes JMP 67BF4790 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] WININET.dll!InternetCloseHandle 771B2DB8 5 Bytes JMP 67BF43D0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] WININET.dll!InternetReadFile 771B74B9 5 Bytes JMP 67BF44F0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] WININET.dll!InternetOpenA 771BD4AD 5 Bytes JMP 00210000
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] WININET.dll!InternetOpenW 771BD80A 5 Bytes JMP 00210011
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] WININET.dll!InternetOpenUrlA 771BFE7B 5 Bytes JMP 00210FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[1988] WININET.dll!InternetOpenUrlW 77209189 5 Bytes JMP 0021002C
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 009C0F29
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 009C0F44
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 009C00B6
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 009C009B
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 009C004A
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 009C0FD4
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 009C0FC3
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 009C0F55
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 009C0F7C
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 009C0F8D
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 009C002F
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 009C0FA8
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 009C0065
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 009C0F04
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 009C0FEF
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 009C000A
.text C:\Windows\system32\svchost.exe[2308] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 009C008A
.text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 009D0F9C
.text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!system 7617804B 5 Bytes JMP 009D0FAD
.text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 009D0FD2
.text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_open 7617D106 5 Bytes JMP 009D0000
.text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 009D0027
.text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 009B0036
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 009B0FA5
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 009B0F94
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 009B0F6F
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 009B0FCA
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 009B0011
.text C:\Windows\system32\svchost.exe[2308] WS2_32.dll!socket 773236D1 5 Bytes JMP 009E000A
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 00840F41
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 00840087
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 008400AC
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 00840F15
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00840F77
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00840011
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00840022
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00840076
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 00840F94
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00840FC0
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00840FA5
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00840047
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00840F66
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 00840EFA
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 00840FDB
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00840000
.text C:\Windows\system32\DllHost.exe[2492] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 00840F30
.text C:\Windows\system32\DllHost.exe[2492] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 00860031
.text C:\Windows\system32\DllHost.exe[2492] msvcrt.dll!system 7617804B 5 Bytes JMP 00860FA6
.text C:\Windows\system32\DllHost.exe[2492] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 00860FD2
.text C:\Windows\system32\DllHost.exe[2492] msvcrt.dll!_open 7617D106 5 Bytes JMP 00860000
.text C:\Windows\system32\DllHost.exe[2492] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 00860FC1
.text C:\Windows\system32\DllHost.exe[2492] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 00860FE3
.text C:\Windows\system32\DllHost.exe[2492] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 001E0047
.text C:\Windows\system32\DllHost.exe[2492] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 001E001B
.text C:\Windows\system32\DllHost.exe[2492] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\DllHost.exe[2492] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 001E0036
.text C:\Windows\system32\DllHost.exe[2492] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 001E0058
.text C:\Windows\system32\DllHost.exe[2492] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 001E0FC3
.text C:\Windows\system32\DllHost.exe[2492] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 001E0FDE
.text C:\Windows\system32\DllHost.exe[2492] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 001E000A
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 000A00B5
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 000A0F79
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 000A00F2
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 000A00E1
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 000A0064
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 000A001B
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 000A0FCA
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 000A00A4
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 000A0F8A
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 000A0036
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 000A0047
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 000A0FB9
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 000A007F
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 000A0103
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 000A000A
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 000A0FEF
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 000A00D0
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 000B0FA6
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!system 7617804B 5 Bytes JMP 000B0FB7
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 000B0FD2
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_open 7617D106 5 Bytes JMP 000B000C
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wcreat 7617D326 5 Bytes JMP 000B0027
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wopen 7617D501 5 Bytes JMP 000B0FE3
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 0009007D
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00090051
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 0009000A
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00090062
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 00090FC0
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 0009002C
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 0009001B
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 00090FE5
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!GetStartupInfoW 76041929 5 Bytes JMP 000100A7
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!GetStartupInfoA 760419C9 5 Bytes JMP 00010F61
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!CreateProcessW 76041BF3 5 Bytes JMP 00010F3F
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!CreateProcessA 76041C28 5 Bytes JMP 000100CC
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!VirtualProtect 76041DC3 5 Bytes JMP 00010F83
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!CreateNamedPipeA 76042EF5 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!CreateNamedPipeW 76045C0C 5 Bytes JMP 00010025
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!CreatePipe 76068E6E 1 Byte [E9]
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!CreatePipe 76068E6E 5 Bytes JMP 00010F72
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!LoadLibraryExW 76069109 5 Bytes JMP 0001005D
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!LoadLibraryW 76069362 5 Bytes JMP 00010FB9
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!LoadLibraryExA 760694B4 5 Bytes JMP 00010F94
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!LoadLibraryA 760694DC 5 Bytes JMP 00010040
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!VirtualProtectEx 7606DBDA 5 Bytes JMP 00010082
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!GetProcAddress 7608903B 5 Bytes JMP 00010F2E
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!CreateFileW 7608AECB 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!CreateFileA 7608CE5F 5 Bytes JMP 00010000
.text C:\Windows\Explorer.EXE[4040] kernel32.dll!WinExec 760D5CF7 5 Bytes JMP 00010F50
.text C:\Windows\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyExA 75DB39AB 5 Bytes JMP 00320F83
.text C:\Windows\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyA 75DB3BA9 5 Bytes JMP 00320FAF
.text C:\Windows\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyA 75DB89C7 5 Bytes JMP 00320000
.text C:\Windows\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyW 75DC391E 5 Bytes JMP 00320F94
.text C:\Windows\Explorer.EXE[4040] ADVAPI32.dll!RegCreateKeyExW 75DC41F1 5 Bytes JMP 00320F72
.text C:\Windows\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyExA 75DC7C42 5 Bytes JMP 0032001B
.text C:\Windows\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyW 75DCE2B5 5 Bytes JMP 00320FE5
.text C:\Windows\Explorer.EXE[4040] ADVAPI32.dll!RegOpenKeyExW 75DD7BA1 5 Bytes JMP 00320FCA
.text C:\Windows\Explorer.EXE[4040] msvcrt.dll!_wsystem 76177F2F 5 Bytes JMP 00330016
.text C:\Windows\Explorer.EXE[4040] msvcrt.dll!system 7617804B 5 Bytes JMP 00330F95
.text C:\Windows\Explorer.EXE[4040] msvcrt.dll!_creat 7617BBE1 5 Bytes JMP 00330FB7
.text C:\Windows\Explorer.EXE[4040] msvcrt.dll!_open %2

Attached File(s)

Attach.txt (11.58K)
Number of downloads: 1
DDS.txt (14.59K)
Number of downloads: 3
MBRCheck_11.29.11_20.07.38.txt (15.56K)
Number of downloads: 2

This post has been edited by willie1690: 30 November 2011 - 04:05 PM

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 03 December 2011 - 10:52 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 willie1690

New Member

Group: Members
Posts: 12
Joined: 29-November 11

Posted 05 December 2011 - 04:35 PM

Hi Gringo,

Sorry for the delay in replying.
Your help is very much appreciated. I ran combofix originally and it found a zeroaccess root virus.
The only problem is that my computer now does not run windows update giving a code 80096001 and also a system level trust error 0x8009601 when trying to use the system readiness tool.
I have also noticed that my Vaio update and Java ones are not working too.
The browser hijacker virus is away but now I have these problems.
To be honest I tried to use the manaul fixes that this and other forums suggest and also windows Fixit tool but to no avail as I thought they might do the job without the need for further intervention.
I have also tried restoring the system to before I did the initial Combofix but it did not work properly.
I have ran combofix again and will include the log it has produced.
I apologise as I know you have said in your post not to run any additional programs but this was done foolishly before your initial reply.
I will understand if there is nothing more you can do to help but it might teach me a valuable lesson.

Many Thanks
ComboFix 11-12-05.04 - Willie 05/12/2011 20:40:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1898 [GMT 0:00]
Running from: c:\users\Willie\Desktop\ComboFix.exe
AV: AVG Anti-Virus plus Firewall *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus plus Firewall *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 20:50 . 2011-12-05 20:50 -------- d-----w- c:\users\Frances\AppData\Local\temp
2011-12-05 20:50 . 2011-12-05 20:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 16:07 . 2011-12-04 16:07 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-04 16:02 . 2011-12-04 16:06 -------- d-----w- c:\windows\system32\catroot2
2011-12-04 12:58 . 2011-12-04 12:58 -------- d-----w- c:\users\Willie\AppData\Roaming\ParetoLogic
2011-12-04 12:58 . 2011-12-04 12:58 -------- d-----w- c:\users\Willie\AppData\Roaming\DriverCure
2011-12-04 12:58 . 2011-12-04 14:26 -------- d-----w- c:\programdata\ParetoLogic
2011-12-04 12:47 . 2011-12-04 12:47 -------- d-----w- c:\users\Willie\AppData\Roaming\PC Cleaners
2011-12-04 12:46 . 2011-12-04 12:46 6068496 ----a-w- c:\windows\uninst.exe
2011-12-04 12:46 . 2011-12-04 12:46 -------- d-----w- c:\programdata\PC1Data
2011-12-04 12:34 . 2011-12-04 12:34 -------- d-----w- c:\programdata\ErrorEND
2011-12-04 09:34 . 2011-12-04 09:34 -------- d-----w- C:\found.000
2011-11-30 23:40 . 2011-12-03 11:35 -------- d-----w- C:\$RECYCLE(0).BIN
2011-11-30 23:40 . 2011-12-04 09:39 -------- d-----w- c:\users\Willie\AppData\Local\temp(375)
2011-11-30 21:58 . 2011-11-30 22:12 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-11-30 21:57 . 2011-12-04 12:55 -------- d-----w- c:\programdata\avg9
2011-11-30 21:18 . 2011-11-30 21:25 -------- d-----w- c:\programdata\Hitman Pro
2011-11-30 21:15 . 2011-11-30 21:15 -------- d-----w- c:\users\Willie\AppData\Roaming\Malwarebytes
2011-11-30 21:15 . 2011-11-30 21:15 -------- d-----w- c:\programdata\Malwarebytes
2011-11-29 22:23 . 2011-11-29 22:23 -------- d-----w- c:\users\Willie\AppData\Roaming\Auslogics
2011-11-29 16:28 . 2011-11-29 16:28 -------- d-----w- c:\users\Willie\AppData\Local\Threat Expert
2011-11-29 16:22 . 2011-11-29 16:32 -------- d-----w- c:\program files\PC Tools
2011-11-29 16:18 . 2011-11-29 16:29 -------- d-----w- c:\programdata\PC Tools
2011-11-29 16:18 . 2011-11-29 16:18 -------- d-----w- c:\users\Willie\AppData\Roaming\TestApp
2011-11-09 19:58 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 19:58 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-14 19:20 . 2011-07-14 19:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 19:01 . 2010-05-05 08:14 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-22 274432]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-16 39408]
"VMpTtray.exe"="c:\program files\Sony\VAIO Media plus\VMpTtray.exe" [2009-01-20 99624]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-01-17 503976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-29 30192]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-04-16 26112]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2009-03-09 1101824]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-01-29 2303216]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-10-24 2078048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-04 349608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Willie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-1-24 780840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate1ca8f15f4e2e470;Google Update Service (gupdate1ca8f15f4e2e470);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 133104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-02-19 29736]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-29 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 133104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-05-25 15232]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-09-08 83312]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-05 52872]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-05-25 64512]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2011-07-06 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-07-07 243152]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2011-07-06 308136]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-12-22 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-03-05 5189992]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 JMCR_CFS;JMCR_CFS;c:\windows\system32\DRIVERS\jmcr_cfs.sys [2008-11-06 55696]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-03-06 44064]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1086568]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
yksvcs REG_MULTI_SZ yksvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:19]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 21:19]
.
2010-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 11:22]
.
2009-04-16 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ribsivqs - c:\users\Willie\AppData\Local\apbyphcgd\ejcbmjrtssd.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-05 20:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7596)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-12-05 20:53:18
ComboFix-quarantined-files.txt 2011-12-05 20:53
ComboFix2.txt 2011-11-30 23:40
.
Pre-Run: 153,074,356,224 bytes free
Post-Run: 153,294,086,144 bytes free
.
- - End Of File - - 87BCE2FF830C7E6030BA7F2334610A7D

Wille

Attached File(s)

ComboFix.txt (13.91K)
Number of downloads: 0

This post has been edited by willie1690: 05 December 2011 - 05:44 PM

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 06 December 2011 - 02:13 AM

Hello

It looks like you are running more than one AV I need you to remove one of them
'

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

<-- Don't worry every little bit helps.

#5 willie1690

New Member

Group: Members
Posts: 12
Joined: 29-November 11

Posted 06 December 2011 - 08:21 AM

Hi Gringo,

I have run TDSS tool and here is the report as requested. Scan came back with no threats etc.
When do you want me to remove on of the Av tools?

13:16:03.0965 7864 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:16:04.0423 7864 ============================================================
13:16:04.0423 7864 Current date / time: 2011/12/06 13:16:04.0423
13:16:04.0423 7864 SystemInfo:
13:16:04.0423 7864
13:16:04.0423 7864 OS Version: 6.0.6002 ServicePack: 2.0
13:16:04.0423 7864 Product type: Workstation
13:16:04.0423 7864 ComputerName: WILLIE-PC
13:16:04.0423 7864 UserName: Willie
13:16:04.0423 7864 Windows directory: C:\Windows
13:16:04.0423 7864 System windows directory: C:\Windows
13:16:04.0423 7864 Processor architecture: Intel x86
13:16:04.0423 7864 Number of processors: 2
13:16:04.0423 7864 Page size: 0x1000
13:16:04.0423 7864 Boot type: Normal boot
13:16:04.0423 7864 ============================================================
13:16:06.0047 7864 Initialize success
13:16:27.0788 6632 ============================================================
13:16:27.0788 6632 Scan started
13:16:27.0788 6632 Mode: Manual;
13:16:27.0788 6632 ============================================================
13:16:28.0880 6632 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:16:28.0890 6632 ACPI - ok
13:16:29.0229 6632 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:16:29.0244 6632 adp94xx - ok
13:16:29.0361 6632 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:16:29.0437 6632 adpahci - ok
13:16:29.0663 6632 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:16:29.0731 6632 adpu160m - ok
13:16:29.0916 6632 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:16:29.0985 6632 adpu320 - ok
13:16:30.0155 6632 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:16:30.0224 6632 AFD - ok
13:16:30.0299 6632 AFGMp50 - ok
13:16:30.0398 6632 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\AFGSp50.sys
13:16:30.0429 6632 AFGSp50 - ok
13:16:30.0550 6632 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:16:30.0586 6632 agp440 - ok
13:16:30.0616 6632 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:16:30.0682 6632 aic78xx - ok
13:16:30.0767 6632 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:16:30.0832 6632 aliide - ok
13:16:30.0870 6632 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:16:30.0878 6632 amdagp - ok
13:16:30.0973 6632 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:16:31.0036 6632 amdide - ok
13:16:31.0263 6632 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:16:31.0293 6632 AmdK7 - ok
13:16:31.0435 6632 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:16:31.0469 6632 AmdK8 - ok
13:16:31.0604 6632 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:16:31.0649 6632 arc - ok
13:16:31.0733 6632 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:16:31.0780 6632 arcsas - ok
13:16:31.0824 6632 ArcSoftKsUFilter (857b48965a0503b7ab795d4bfe7cbd8b) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
13:16:31.0847 6632 ArcSoftKsUFilter - ok
13:16:31.0949 6632 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:16:31.0954 6632 AsyncMac - ok
13:16:32.0062 6632 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\DRIVERS\atapi.sys
13:16:32.0125 6632 atapi - ok
13:16:32.0202 6632 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
13:16:32.0274 6632 AvgLdx86 - ok
13:16:32.0400 6632 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\Windows\system32\Drivers\avgmfx86.sys
13:16:32.0455 6632 AvgMfx86 - ok
13:16:32.0501 6632 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys
13:16:32.0565 6632 AvgRkx86 - ok
13:16:32.0683 6632 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys
13:16:32.0758 6632 AvgTdiX - ok
13:16:32.0884 6632 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:16:32.0942 6632 Beep - ok
13:16:33.0105 6632 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:16:33.0163 6632 blbdrive - ok
13:16:33.0413 6632 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:16:33.0446 6632 bowser - ok
13:16:33.0615 6632 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:16:33.0672 6632 BrFiltLo - ok
13:16:33.0827 6632 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:16:33.0856 6632 BrFiltUp - ok
13:16:34.0000 6632 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:16:34.0033 6632 Brserid - ok
13:16:34.0071 6632 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:16:34.0132 6632 BrSerWdm - ok
13:16:34.0291 6632 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:16:34.0298 6632 BrUsbMdm - ok
13:16:34.0427 6632 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:16:34.0484 6632 BrUsbSer - ok
13:16:34.0649 6632 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
13:16:34.0707 6632 BthEnum - ok
13:16:34.0837 6632 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:16:34.0870 6632 BTHMODEM - ok
13:16:34.0993 6632 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
13:16:35.0057 6632 BthPan - ok
13:16:35.0225 6632 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
13:16:35.0279 6632 BTHPORT - ok
13:16:35.0487 6632 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
13:16:35.0546 6632 BTHUSB - ok
13:16:35.0709 6632 btwaudio (6e41621e03d91167ceae555ce2b468b8) C:\Windows\system32\drivers\btwaudio.sys
13:16:35.0744 6632 btwaudio - ok
13:16:35.0862 6632 btwavdt (7e67b295081b33ea22c0fb04798b306c) C:\Windows\system32\drivers\btwavdt.sys
13:16:35.0932 6632 btwavdt - ok
13:16:36.0097 6632 btwl2cap (54c2ee0a3cec586629035d771aacae67) C:\Windows\system32\DRIVERS\btwl2cap.sys
13:16:36.0159 6632 btwl2cap - ok
13:16:36.0387 6632 btwrchid (4b4f992ee709c40efd33ba4d2bafa402) C:\Windows\system32\DRIVERS\btwrchid.sys
13:16:36.0447 6632 btwrchid - ok
13:16:36.0619 6632 catchme - ok
13:16:36.0698 6632 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:16:36.0706 6632 cdfs - ok
13:16:36.0856 6632 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:16:36.0933 6632 cdrom - ok
13:16:37.0064 6632 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
13:16:37.0072 6632 circlass - ok
13:16:37.0192 6632 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:16:37.0205 6632 CLFS - ok
13:16:37.0317 6632 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:16:37.0337 6632 CmBatt - ok
13:16:37.0457 6632 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:16:37.0519 6632 cmdide - ok
13:16:37.0595 6632 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:16:37.0603 6632 Compbatt - ok
13:16:37.0720 6632 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:16:37.0752 6632 crcdisk - ok
13:16:37.0883 6632 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:16:37.0940 6632 Crusoe - ok
13:16:38.0141 6632 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:16:38.0174 6632 DfsC - ok
13:16:38.0335 6632 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:16:38.0343 6632 disk - ok
13:16:38.0482 6632 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
13:16:38.0517 6632 DMICall - ok
13:16:38.0663 6632 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:16:38.0670 6632 drmkaud - ok
13:16:38.0849 6632 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
13:16:38.0865 6632 DXGKrnl - ok
13:16:38.0995 6632 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:16:39.0077 6632 E1G60 - ok
13:16:39.0221 6632 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:16:39.0297 6632 Ecache - ok
13:16:39.0452 6632 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:16:39.0532 6632 elxstor - ok
13:16:39.0690 6632 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:16:39.0720 6632 ErrDev - ok
13:16:39.0870 6632 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:16:39.0880 6632 exfat - ok
13:16:40.0011 6632 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:16:40.0021 6632 fastfat - ok
13:16:40.0231 6632 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:16:40.0262 6632 fdc - ok
13:16:40.0374 6632 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:16:40.0382 6632 FileInfo - ok
13:16:40.0495 6632 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:16:40.0555 6632 Filetrace - ok
13:16:40.0713 6632 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:16:40.0743 6632 flpydisk - ok
13:16:40.0861 6632 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:16:40.0872 6632 FltMgr - ok
13:16:40.0986 6632 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:16:41.0015 6632 Fs_Rec - ok
13:16:41.0145 6632 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:16:41.0180 6632 gagp30kx - ok
13:16:41.0373 6632 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:16:41.0405 6632 GEARAspiWDM - ok
13:16:41.0590 6632 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:16:41.0602 6632 HdAudAddService - ok
13:16:41.0797 6632 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:16:41.0811 6632 HDAudBus - ok
13:16:41.0925 6632 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:16:41.0988 6632 HidBth - ok
13:16:42.0098 6632 HidIr (5a87127718873bd7f3bd7ac42b951d8e) C:\Windows\system32\DRIVERS\hidir.sys
13:16:42.0129 6632 HidIr - ok
13:16:42.0294 6632 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:16:42.0354 6632 HidUsb - ok
13:16:42.0556 6632 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:16:42.0563 6632 HpCISSs - ok
13:16:42.0725 6632 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:16:42.0759 6632 HSFHWAZL - ok
13:16:42.0969 6632 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
13:16:43.0153 6632 HSF_DPV - ok
13:16:43.0278 6632 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:16:43.0321 6632 HTTP - ok
13:16:43.0528 6632 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:16:43.0593 6632 i2omp - ok
13:16:43.0750 6632 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:16:43.0758 6632 i8042prt - ok
13:16:43.0913 6632 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\drivers\iastor.sys
13:16:43.0989 6632 iaStor - ok
13:16:44.0144 6632 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:16:44.0218 6632 iaStorV - ok
13:16:44.0342 6632 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:16:44.0351 6632 iirsp - ok
13:16:44.0582 6632 IntcAzAudAddService (3aa1f82efa2b0454af163124c9920d16) C:\Windows\system32\drivers\RTKVHDA.sys
13:16:44.0737 6632 IntcAzAudAddService - ok
13:16:44.0857 6632 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:16:44.0919 6632 intelide - ok
13:16:45.0022 6632 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:16:45.0053 6632 intelppm - ok
13:16:45.0192 6632 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:16:45.0252 6632 IpFilterDriver - ok
13:16:45.0366 6632 IpInIp - ok
13:16:45.0553 6632 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:16:45.0586 6632 IPMIDRV - ok
13:16:45.0752 6632 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:16:45.0786 6632 IPNAT - ok
13:16:45.0949 6632 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:16:45.0956 6632 IRENUM - ok
13:16:46.0054 6632 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:16:46.0063 6632 isapnp - ok
13:16:46.0151 6632 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:16:46.0160 6632 iScsiPrt - ok
13:16:46.0287 6632 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:16:46.0295 6632 iteatapi - ok
13:16:46.0466 6632 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:16:46.0529 6632 iteraid - ok
13:16:46.0631 6632 JMCR_CFS (0d8ba4a407a3369039cc375b8f23627e) C:\Windows\system32\DRIVERS\jmcr_cfs.sys
13:16:46.0696 6632 JMCR_CFS - ok
13:16:46.0788 6632 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:16:46.0826 6632 kbdclass - ok
13:16:46.0958 6632 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:16:46.0962 6632 kbdhid - ok
13:16:47.0134 6632 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:16:47.0149 6632 KSecDD - ok
13:16:47.0282 6632 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
13:16:47.0314 6632 Lavasoft Kernexplorer - ok
13:16:47.0412 6632 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
13:16:47.0477 6632 Lbd - ok
13:16:47.0641 6632 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:16:47.0673 6632 lltdio - ok
13:16:47.0819 6632 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:16:47.0888 6632 LSI_FC - ok
13:16:48.0051 6632 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:16:48.0119 6632 LSI_SAS - ok
13:16:48.0277 6632 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:16:48.0345 6632 LSI_SCSI - ok
13:16:48.0458 6632 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:16:48.0489 6632 luafv - ok
13:16:48.0648 6632 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:16:48.0741 6632 megasas - ok
13:16:48.0887 6632 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:16:48.0970 6632 MegaSR - ok
13:16:49.0073 6632 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
13:16:49.0111 6632 mfeavfk - ok
13:16:49.0179 6632 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
13:16:49.0214 6632 mfebopk - ok
13:16:49.0367 6632 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
13:16:49.0407 6632 mfehidk - ok
13:16:49.0512 6632 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
13:16:49.0597 6632 mferkdk - ok
13:16:49.0696 6632 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
13:16:49.0731 6632 mfesmfk - ok
13:16:49.0846 6632 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:16:49.0854 6632 Modem - ok
13:16:49.0963 6632 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:16:49.0995 6632 monitor - ok
13:16:50.0119 6632 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:16:50.0181 6632 mouclass - ok
13:16:50.0277 6632 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:16:50.0309 6632 mouhid - ok
13:16:50.0409 6632 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:16:50.0418 6632 MountMgr - ok
13:16:50.0541 6632 MPFP (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys
13:16:50.0608 6632 MPFP - ok
13:16:50.0799 6632 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:16:50.0865 6632 mpio - ok
13:16:50.0960 6632 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:16:50.0969 6632 mpsdrv - ok
13:16:51.0085 6632 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:16:51.0148 6632 Mraid35x - ok
13:16:51.0286 6632 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:16:51.0295 6632 MRxDAV - ok
13:16:51.0392 6632 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:16:51.0441 6632 mrxsmb - ok
13:16:51.0602 6632 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:16:51.0668 6632 mrxsmb10 - ok
13:16:51.0864 6632 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:16:51.0929 6632 mrxsmb20 - ok
13:16:52.0050 6632 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:16:52.0115 6632 msahci - ok
13:16:52.0273 6632 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:16:52.0339 6632 msdsm - ok
13:16:52.0443 6632 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:16:52.0472 6632 Msfs - ok
13:16:52.0606 6632 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:16:52.0639 6632 msisadrv - ok
13:16:52.0789 6632 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:16:52.0795 6632 MSKSSRV - ok
13:16:52.0906 6632 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:16:52.0913 6632 MSPCLOCK - ok
13:16:53.0075 6632 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:16:53.0081 6632 MSPQM - ok
13:16:53.0230 6632 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:16:53.0241 6632 MsRPC - ok
13:16:53.0395 6632 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:16:53.0402 6632 mssmbios - ok
13:16:53.0534 6632 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:16:53.0541 6632 MSTEE - ok
13:16:53.0622 6632 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:16:53.0656 6632 Mup - ok
13:16:53.0816 6632 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:16:53.0881 6632 NativeWifiP - ok
13:16:54.0039 6632 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:16:54.0054 6632 NDIS - ok
13:16:54.0175 6632 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:16:54.0204 6632 NdisTapi - ok
13:16:54.0334 6632 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:16:54.0364 6632 Ndisuio - ok
13:16:54.0552 6632 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:16:54.0562 6632 NdisWan - ok
13:16:54.0730 6632 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:16:54.0761 6632 NDProxy - ok
13:16:54.0870 6632 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:16:54.0900 6632 NetBIOS - ok
13:16:55.0002 6632 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:16:55.0013 6632 netbt - ok
13:16:55.0371 6632 NETw5v32 (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\NETw5v32.sys
13:16:55.0780 6632 NETw5v32 - ok
13:16:55.0882 6632 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:16:55.0890 6632 nfrd960 - ok
13:16:56.0022 6632 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:16:56.0052 6632 Npfs - ok
13:16:56.0165 6632 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:16:56.0195 6632 nsiproxy - ok
13:16:56.0392 6632 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:16:56.0473 6632 Ntfs - ok
13:16:56.0612 6632 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:16:56.0672 6632 ntrigdigi - ok
13:16:56.0840 6632 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:16:56.0869 6632 Null - ok
13:16:56.0990 6632 NVHDA (2c7ac27710e8d41c1eb7d1599187d237) C:\Windows\system32\drivers\nvhda32v.sys
13:16:57.0024 6632 NVHDA - ok
13:16:57.0330 6632 nvlddmkm (0e3252ef345ed302ff0b51d388d2a584) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:16:57.0654 6632 nvlddmkm - ok
13:16:57.0795 6632 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:16:57.0861 6632 nvraid - ok
13:16:57.0964 6632 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:16:58.0024 6632 nvstor - ok
13:16:58.0112 6632 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:16:58.0149 6632 nv_agp - ok
13:16:58.0199 6632 NwlnkFlt - ok
13:16:58.0252 6632 NwlnkFwd - ok
13:16:58.0346 6632 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:16:58.0353 6632 ohci1394 - ok
13:16:58.0482 6632 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:16:58.0531 6632 Parport - ok
13:16:58.0611 6632 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:16:58.0656 6632 partmgr - ok
13:16:58.0762 6632 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:16:58.0782 6632 Parvdm - ok
13:16:58.0872 6632 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:16:58.0910 6632 pci - ok
13:16:59.0029 6632 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
13:16:59.0036 6632 pciide - ok
13:16:59.0158 6632 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:16:59.0196 6632 pcmcia - ok
13:16:59.0330 6632 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:16:59.0376 6632 PEAUTH - ok
13:16:59.0548 6632 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:16:59.0578 6632 PptpMiniport - ok
13:16:59.0644 6632 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:16:59.0686 6632 Processor - ok
13:16:59.0773 6632 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:16:59.0794 6632 PSched - ok
13:16:59.0946 6632 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
13:16:59.0983 6632 PxHelp20 - ok
13:17:00.0142 6632 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:17:00.0240 6632 ql2300 - ok
13:17:00.0327 6632 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:17:00.0337 6632 ql40xx - ok
13:17:00.0446 6632 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:17:00.0507 6632 QWAVEdrv - ok
13:17:00.0647 6632 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:17:00.0676 6632 RasAcd - ok
13:17:00.0775 6632 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:17:00.0795 6632 Rasl2tp - ok
13:17:00.0914 6632 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:17:00.0945 6632 RasPppoe - ok
13:17:01.0051 6632 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:17:01.0082 6632 RasSstp - ok
13:17:01.0172 6632 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:17:01.0184 6632 rdbss - ok
13:17:01.0263 6632 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:17:01.0283 6632 RDPCDD - ok
13:17:01.0371 6632 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:17:01.0398 6632 rdpdr - ok
13:17:01.0485 6632 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:17:01.0505 6632 RDPENCDD - ok
13:17:01.0622 6632 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:17:01.0665 6632 RDPWD - ok
13:17:01.0780 6632 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
13:17:01.0802 6632 regi - ok
13:17:01.0929 6632 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
13:17:01.0997 6632 RFCOMM - ok
13:17:02.0085 6632 rimsptsk (f7d9ecf41ebd3cf6c65944368150f66b) C:\Windows\system32\DRIVERS\rimsptsk.sys
13:17:02.0150 6632 rimsptsk - ok
13:17:02.0223 6632 risdptsk (1be6c42767a7c67ba31ae32b293b37a3) C:\Windows\system32\DRIVERS\risdptsk.sys
13:17:02.0285 6632 risdptsk - ok
13:17:02.0369 6632 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:17:02.0402 6632 rspndr - ok
13:17:02.0490 6632 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:17:02.0555 6632 sbp2port - ok
13:17:02.0656 6632 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
13:17:02.0718 6632 sdbus - ok
13:17:02.0833 6632 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:17:02.0840 6632 secdrv - ok
13:17:02.0877 6632 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:17:02.0908 6632 Serenum - ok
13:17:03.0004 6632 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:17:03.0054 6632 Serial - ok
13:17:03.0186 6632 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:17:03.0218 6632 sermouse - ok
13:17:03.0356 6632 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
13:17:03.0415 6632 SFEP - ok
13:17:03.0494 6632 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:17:03.0526 6632 sffdisk - ok
13:17:03.0547 6632 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:17:03.0579 6632 sffp_mmc - ok
13:17:03.0673 6632 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:17:03.0704 6632 sffp_sd - ok
13:17:03.0746 6632 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
13:17:03.0803 6632 sfloppy - ok
13:17:03.0947 6632 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:17:03.0955 6632 sisagp - ok
13:17:04.0049 6632 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:17:04.0113 6632 SiSRaid2 - ok
13:17:04.0187 6632 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:17:04.0256 6632 SiSRaid4 - ok
13:17:04.0366 6632 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:17:04.0398 6632 Smb - ok
13:17:04.0500 6632 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:17:04.0508 6632 spldr - ok
13:17:04.0624 6632 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:17:04.0695 6632 srv - ok
13:17:04.0823 6632 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:17:04.0890 6632 srv2 - ok
13:17:04.0996 6632 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:17:05.0023 6632 srvnet - ok
13:17:05.0141 6632 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:17:05.0174 6632 swenum - ok
13:17:05.0295 6632 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:17:05.0358 6632 Symc8xx - ok
13:17:05.0395 6632 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:17:05.0457 6632 Sym_hi - ok
13:17:05.0550 6632 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:17:05.0613 6632 Sym_u3 - ok
13:17:05.0693 6632 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
13:17:05.0718 6632 SynTP - ok
13:17:05.0827 6632 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:17:05.0868 6632 Tcpip - ok
13:17:05.0949 6632 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:17:05.0954 6632 Tcpip6 - ok
13:17:06.0036 6632 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:17:06.0076 6632 tcpipreg - ok
13:17:06.0187 6632 TcUsb (55fe712f574da1a726ad74b20886a529) C:\Windows\system32\Drivers\tcusb.sys
13:17:06.0306 6632 TcUsb - ok
13:17:06.0456 6632 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:17:06.0515 6632 TDPIPE - ok
13:17:06.0552 6632 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:17:06.0611 6632 TDTCP - ok
13:17:06.0749 6632 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:17:06.0780 6632 tdx - ok
13:17:06.0815 6632 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:17:06.0858 6632 TermDD - ok
13:17:06.0985 6632 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:17:07.0045 6632 tssecsrv - ok
13:17:07.0208 6632 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:17:07.0215 6632 tunmp - ok
13:17:07.0384 6632 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:17:07.0443 6632 tunnel - ok
13:17:07.0522 6632 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:17:07.0558 6632 uagp35 - ok
13:17:07.0637 6632 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:17:07.0650 6632 udfs - ok
13:17:07.0775 6632 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:17:07.0811 6632 uliagpkx - ok
13:17:07.0875 6632 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:17:07.0965 6632 uliahci - ok
13:17:08.0167 6632 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:17:08.0176 6632 UlSata - ok
13:17:08.0363 6632 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:17:08.0431 6632 ulsata2 - ok
13:17:08.0565 6632 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:17:08.0596 6632 umbus - ok
13:17:08.0664 6632 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:17:08.0695 6632 usbccgp - ok
13:17:08.0807 6632 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
13:17:08.0816 6632 usbcir - ok
13:17:08.0949 6632 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:17:09.0009 6632 usbehci - ok
13:17:09.0203 6632 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:17:09.0214 6632 usbhub - ok
13:17:09.0407 6632 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:17:09.0467 6632 usbohci - ok
13:17:09.0663 6632 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
13:17:09.0724 6632 usbprint - ok
13:17:09.0844 6632 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:17:09.0853 6632 USBSTOR - ok
13:17:09.0884 6632 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:17:09.0891 6632 usbuhci - ok
13:17:10.0021 6632 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:17:10.0032 6632 usbvideo - ok
13:17:10.0332 6632 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:17:10.0364 6632 vga - ok
13:17:10.0499 6632 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:17:10.0529 6632 VgaSave - ok
13:17:10.0613 6632 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:17:10.0649 6632 viaagp - ok
13:17:10.0719 6632 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:17:10.0752 6632 ViaC7 - ok
13:17:10.0792 6632 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:17:10.0800 6632 viaide - ok
13:17:10.0906 6632 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:17:10.0914 6632 volmgr - ok
13:17:11.0045 6632 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:17:11.0060 6632 volmgrx - ok
13:17:11.0128 6632 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:17:11.0155 6632 volsnap - ok
13:17:11.0253 6632 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:17:11.0302 6632 vsmraid - ok
13:17:11.0436 6632 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:17:11.0475 6632 WacomPen - ok
13:17:11.0509 6632 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:17:11.0516 6632 Wanarp - ok
13:17:11.0564 6632 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:17:11.0565 6632 Wanarpv6 - ok
13:17:11.0676 6632 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:17:11.0736 6632 Wd - ok
13:17:12.0167 6632 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:17:12.0236 6632 Wdf01000 - ok
13:17:12.0340 6632 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
13:17:12.0389 6632 WimFltr - ok
13:17:12.0532 6632 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
13:17:12.0546 6632 winachsf - ok
13:17:12.0637 6632 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:17:12.0658 6632 WmiAcpi - ok
13:17:12.0711 6632 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:17:12.0741 6632 ws2ifsl - ok
13:17:12.0919 6632 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:17:12.0928 6632 WUDFRd - ok
13:17:13.0190 6632 yukonwlh (780e78694485d405413ae67fade0bc3f) C:\Windows\system32\DRIVERS\yk60x86.sys
13:17:13.0404 6632 yukonwlh - ok
13:17:13.0459 6632 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:17:13.0476 6632 \Device\Harddisk0\DR0 - ok
13:17:13.0483 6632 Boot (0x1200) (1b566c56a3ae105438815492e7ccfce0) \Device\Harddisk0\DR0\Partition0
13:17:13.0484 6632 \Device\Harddisk0\DR0\Partition0 - ok
13:17:13.0487 6632 ============================================================
13:17:13.0487 6632 Scan finished
13:17:13.0487 6632 ============================================================
13:17:13.0507 6304 Detected object count: 0
13:17:13.0507 6304 Actual detected object count: 0

Many Thanks

Willie

This post has been edited by willie1690: 06 December 2011 - 08:49 AM

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 07 December 2011 - 09:36 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

<-- Don't worry every little bit helps.

#7 willie1690

New Member

Group: Members
Posts: 12
Joined: 29-November 11

Posted 07 December 2011 - 03:08 PM

Hi,

Here is the log as requested.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-07 20:04:34
-----------------------------
20:04:34.547 OS Version: Windows 6.0.6002 Service Pack 2
20:04:34.548 Number of processors: 2 586 0x170A
20:04:34.549 ComputerName: WILLIE-PC UserName: Willie
20:04:44.353 Initialize success
20:05:07.888 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:05:07.891 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
20:05:07.894 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000068
20:05:07.896 Disk 1 Vendor: RICOH 01 Size: 476940MB BusType: 0
20:05:07.899 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000069
20:05:07.902 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
20:05:07.906 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\JMCR_CFS1Port1Path0Target0Lun0
20:05:07.910 Disk 3 Vendor: JMCR Size: 476940MB BusType: 0
20:05:07.948 Disk 0 MBR read successfully
20:05:07.951 Disk 0 MBR scan
20:05:07.955 Disk 0 Windows VISTA default MBR code
20:05:07.961 Disk 0 scanning sectors +976771120
20:05:08.042 Disk 0 scanning C:\Windows\system32\drivers
20:05:17.031 Service scanning
20:05:18.387 Modules scanning
20:05:29.246 Disk 0 trace - called modules:
20:05:29.253
20:05:29.258 Scan finished successfully
20:05:55.106 Disk 0 MBR has been saved successfully to "C:\Users\Willie\Desktop\MBR.dat"
20:05:55.317 The log file has been saved successfully to "C:\Users\Willie\Desktop\aswMBR.txt"

Many Thanks

Willie

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 07 December 2011 - 05:25 PM

Your Java is out of date.

It can be updated by the Java control panel

click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
An update should begin;
follow the prompts

TFC(Temp File Cleaner):

Please download TFC to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

Malwarebytes' Anti-Malware

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

sometimes we have to run it like this To run HijackThis as an administrator,
rightclick HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#9 willie1690

New Member

Group: Members
Posts: 12
Joined: 29-November 11

Posted 08 December 2011 - 09:37 AM

Hi Gringo,

I tried to run Java update but it gave me the following error
"The update cannot proceed with the current internet connection settings....

I have run TFC and it rebooted my computer

I installed MBAM and it would not let me update the file giving the following error
A program error has occured
Program_Error_Updating (2,0, I/O error)
The system cannot find the specified file....

I rn the program anyway and it was clean

I have run Hijack this as requested.

I have tested my laptop and it is still doing the same things with windows update, security centre updates not working.

The logs from each are below

MBAM
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08/12/2011 14:20:46
mbam-log-2011-12-08 (14-20-46).txt

Scan type: Quick scan
Objects scanned: 189603
Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:27:51, on 08/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [VMpTtray.exe] C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - http://downloads.virginmedia.com/CST/ver1/vistainstaller.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca8f15f4e2e470) (gupdate1ca8f15f4e2e470) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

--
End of file - 14742 bytes

Thank You

Willie

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 09 December 2011 - 02:04 AM

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

NOTE**You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
- Click Start
When asked, allow the ActiveX control to install
- Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options
Click Scan
Wait for the scan to finish
Click on copy to clipboard and paste the results here in this topic
you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt

Copy and paste that log as a reply to this topic

Gringo

<-- Don't worry every little bit helps.

#11 willie1690

New Member

Group: Members
Posts: 12
Joined: 29-November 11

Posted 09 December 2011 - 03:55 PM

Hi gringo

The ESET tool provided the following error when trying to update the signature database
"Can not get update Is Proxy configured"

I have run the HJT and unticked the boxes as suggested.

Thanks

Willie

#12 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 09 December 2011 - 05:02 PM

Hello

did you run as admin?

well try this one

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Please go HERE to run an online scan from F-Secure
Click on Start scanning
This will open a new window
Click Full System Scan
It will now download the scanner this may take a while please be patient
It will then start scanning wait for the scan to finish
Click Automatic cleaning (recommended)
Wait for it finish the cleaning process
Click show report
This will open up a window with the results of the scan copy and paste those results as a reply to this topic

<-- Don't worry every little bit helps.

#13 willie1690

New Member

Group: Members
Posts: 12
Joined: 29-November 11

Posted 09 December 2011 - 05:38 PM

Hi Gringo,

I started Explorer from the c: drive as an administrator to run the ESET tool so I do not know what is going on.
I ran the online scanner as adminstrator as requested and it gives me an "unknown error" when beginning the scan but then goes through to 100% and the message
You have succesfully launched F-Secure Online Scanner. You can run the check again by clicking the button below.

It then loads up a new explorer page saying Internet Explorer cannot display the webpage.

Thanks

Willie

#14 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 11 December 2011 - 01:04 AM

Ok lets try one more

BitDefender Online Scan

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Please go to the Bitdefender website to perform an online scan.
Click on I Agree.
You will be prompted to install an ActiveX. Please allow it and install it.
Under Select what you want to check for viruses, click on the Click here link.
- Check (tick) the Desktop box.
- Click on + sign next to My Computer. Uncheck (untick) your CD or DVD drive box(es).
- Uncheck the Network box.
- Click OK.
Under Settings, click on the Click here link.
- Under Action options, select Report only option.
- Click on the + sign next to Second Action.
- Select Report only option.
- Click OK.
Click on Click here to scan link.
It will start loading the antivirus scan engine and virus definitions and start the scan. * This will take a while. Please be patient *
Click on Click here to export the scan report.
Click on Desktop on your left.
In the File Name box, copy and paste in Report.txt
In the Save As Type box, select Text (Tab Delimited) (*.txt) file.
Click Save.

<-- Don't worry every little bit helps.

#15 willie1690

New Member

Group: Members
Posts: 12
Joined: 29-November 11

Posted 11 December 2011 - 04:30 PM

Hi Gringo,

I tried to do the online scan as requested but the options you listed were not available as far as I can see.
I did a full scan and the report is below.

QuickScan 32-bit v0.9.9.100
---------------------------
Scan date: Sun Dec 11 17:38:20 2011
Machine ID: 4C0FC660

C:\Windows\system32\ivireg.ivr - could not be scanned

No infection found.
-------------------

Processes
---------
Adobe Photoshop Elements 680 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
Affinegy Service 960 C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
AVG Internet Security 3440 C:\Program Files\AVG\AVG9\avgchsvx.exe
AVG Internet Security 4992 C:\Program Files\AVG\AVG9\avgtray.exe
AVG Internet Security 1292 C:\Program Files\AVG\AVG9\avgwdsvc.exe
Bluetooth Software 6020 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Bluetooth Software 1780 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
Intel® PROSet/Wireless 2740 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
Intel® PROSet/Wireless 604 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
IviRegMgr Module 4000 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
Malwarebytes' Anti-Malware 4408 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Malwarebytes' Anti-Malware 5496 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
McAfee Anti-Spam 2564 C:\Program Files\McAfee\MSK\msksrver.exe
McAfee Integrated Security Platform 4556 C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
McAfee Personal Firewall 2504 C:\Program Files\McAfee\MPF\MpfSrv.exe
McAfee Proxy 2368 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
McAfee SecurityCenter 3208 C:\Program Files\McAfee.com\Agent\mcagent.exe
McAfee SecurityCenter 6000 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
McAfee SiteAdvisor 2296 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MgiSvr 2932 C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
Microsoft® Windows® Operating System 4744 C:\Program Files\Windows Mail\WinMail.exe
Microsoft® Windows® Operating System 4884 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 688 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 2912 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 4728 C:\Windows\System32\rundll32.exe
Microsoft® Windows® Operating System 4432 C:\Windows\System32\rundll32.exe
Microsoft® Windows® Operating System 784 C:\Windows\System32\services.exe
Microsoft® Windows® Operating System 1264 C:\Windows\System32\SLsvc.exe
Microsoft® Windows® Operating System 548 C:\Windows\System32\smss.exe
Microsoft® Windows® Operating System 1884 C:\Windows\System32\spoolsv.exe
Microsoft® Windows® Operating System 3436 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 6060 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 3836 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 1588 C:\Windows\System32\VSSVC.exe
Microsoft® Windows® Operating System 3816 C:\Windows\System32\wbem\WmiPrvSE.exe
Microsoft® Windows® Operating System 740 C:\Windows\System32\wininit.exe
Microsoft® Windows® Operating System 3248 C:\Windows\System32\winlogon.exe
Microsoft® Windows® Operating System 1704 C:\Windows\System32\wlanext.exe
Microsoft® Windows® Operating System 4968 C:\Windows\System32\WUDFHost.exe
NSUService.exe 2584 C:\Program Files\Sony\Network Utility\NSUService.exe
NVIDIA Driver Helper Service, Version 1 996 C:\Windows\System32\nvvsvc.exe
PsiService System Service 2720 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
RAID Monitor 2164 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
Sony Home Network Library 3476 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
Synaptics Pointing Device Driver 5644 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
VAIO Content Folder Watcher 3068 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
VAIO Content Metadata Intelligent Analy 3196 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
VAIO Entertainment 4304 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
VAIO Entertainment 3224 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
VAIO Event Service 2968 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
VAIO Media plus Platform 4028 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
VAIO Media plus Platform 2820 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
VAIO Media plus Platform 3512 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
VAIO Media plus Platform 3620 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
VAIO Power Management 2608 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
VAIO Power Management 3020 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
VAIO Update 5304 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
Virgin Broadband advisor 3924 C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
VSCORE.14.0.0.435.x86 2772 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
VUAgent.exe 4188 C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
Windows® Internet Explorer 924 C:\Program Files\Internet Explorer\iexplore.exe
Wireless Manager Application 172 C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
(verified) Apple Mobile Device Service 1172 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(verified) Bonjour 736 C:\Program Files\Bonjour\mDNSResponder.exe
(verified) GoogleToolbarNotifier 4872 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® .NET Framework 2120 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(verified) Microsoft® Windows® Operating System 3328 C:\Program Files\Windows Media Player\wmpnetwk.exe
(verified) Microsoft® Windows® Operating System 3232 C:\Windows\System32\dllhost.exe
(verified) Microsoft® Windows® Operating System 3636 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 796 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 804 C:\Windows\System32\lsm.exe
(verified) Microsoft® Windows® Operating System 2628 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1912 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3304 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2868 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1524 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 4500 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1120 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1480 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1024 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1300 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 952 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1160 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1148 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1488 C:\Windows\System32\svchost.exe
(verified) Windows® Search 3332 C:\Windows\System32\SearchIndexer.exe

Network activity
----------------
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.17
Process iexplore.exe (924) connected on port 443 (HTTP over SSL) --> 8.15.246.60
Process iexplore.exe (924) connected on port 1935 --> 195.59.58.151
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.26
Process iexplore.exe (924) connected on port 80 (HTTP) --> 173.194.41.154
Process iexplore.exe (924) connected on port 80 (HTTP) --> 173.194.41.153
Process iexplore.exe (924) connected on port 80 (HTTP) --> 173.194.41.138
Process iexplore.exe (924) connected on port 80 (HTTP) --> 69.171.228.39
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.67
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.67
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.18
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.18
Process iexplore.exe (924) connected on port 80 (HTTP) --> 2.16.239.139
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.73
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.18
Process iexplore.exe (924) connected on port 80 (HTTP) --> 173.194.41.155
Process iexplore.exe (924) connected on port 80 (HTTP) --> 173.194.41.155
Process iexplore.exe (924) connected on port 443 (HTTP over SSL) --> 2.16.237.177
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.17
Process iexplore.exe (924) connected on port 80 (HTTP) --> 31.186.225.24
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.17
Process iexplore.exe (924) connected on port 443 (HTTP over SSL) --> 84.53.133.210
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.18
Process iexplore.exe (924) connected on port 80 (HTTP) --> 173.194.41.155
Process iexplore.exe (924) connected on port 80 (HTTP) --> 88.221.88.67
Process iexplore.exe (924) connected on port 80 (HTTP) --> 98.139.225.43
Process iexplore.exe (924) connected on port 80 (HTTP) --> 98.139.225.43
Process iexplore.exe (924) connected on port 80 (HTTP) --> 193.149.47.99
Process iexplore.exe (924) connected on port 443 (HTTP over SSL) --> 173.194.41.154
Process iexplore.exe (924) connected on port 443 (HTTP over SSL) --> 173.194.41.153
Process iexplore.exe (924) connected on port 80 (HTTP) --> 2.19.163.24
Process iexplore.exe (924) connected on port 80 (HTTP) --> 98.139.225.43
Process iexplore.exe (924) connected on port 80 (HTTP) --> 216.137.57.223
Process iexplore.exe (924) connected on port 80 (HTTP) --> 98.139.225.43
Process iexplore.exe (924) connected on port 80 (HTTP) --> 207.200.74.25
Process iexplore.exe (924) connected on port 80 (HTTP) --> 69.171.228.39

Process Wireless Manager.exe (172) listens on ports: 20406
Process wininit.exe (740) listens on ports: 49152 (RPC)
Process services.exe (784) listens on ports: 49157 (RPC)
Process lsass.exe (796) listens on ports: 49156 (RPC)
Process svchost.exe (1024) listens on ports: 135 (RPC)
Process svchost.exe (1120) listens on ports: 49153 (RPC)
Process svchost.exe (1160) listens on ports: 49154 (RPC)
Process spoolsv.exe (1884) listens on ports: 49155 (RPC)
Process wmpnetwk.exe (3328) listens on ports: 554 (RTSP)
Process SOHDms.exe (3476) listens on ports: 50688, 50689
Process VCSW.exe (4304) listens on ports: 51493
Process McNASvc.exe (4556) listens on ports: 6646

Autoruns and critical files
---------------------------
AML C:\Program Files\Sony\VAIO Launcher\AML.exe
AVG Internet Security C:\Program Files\AVG\AVG9\avgtray.exe
AVG Internet Security c:\windows\system32\avgrsstx.dll
EasyNetwork C:\PROGRA~1\McAfee\MHN\McENUI.exe
HD Audio Control Panel C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
McAfee QuickClean c:\Program Files\McAfee\MQC\QcConsol.exe
McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe
Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
Microsoft® Windows® Operating System C:\Windows\system32\logon.scr
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
VAIO Event Service C:\Windows\system32\VESWinlogon.dll
Virgin Broadband advisor C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
Windows® Internet Explorer C:\Windows\system32\webcheck.dll
Wireless Manager Application C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Browser plugins
---------------
Ask.com Toolbar c:\program files\askbardis\bar\bin\askbar.dll
AVG Internet Security C:\Program Files\AVG\AVG9\avgssie.dll
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Client Gateway 1.5.24 C:\Program Files\Virgin Broadband\advisor\nprpspa.dll
DivX Plus Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
DivX Plus Web Player HTML5 <video> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
DivX VOD Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
Google Toolbar for Internet Explorer C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
Google Update C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
Java™ Platform SE 6 U24 C:\Program Files\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
McAfee SiteAdvisor c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
McAfee SiteAdvisor C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
McAfee SiteAdvisor C:\Users\Willie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
McAfee SiteAdvisor C:\Users\Willie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
Move Streaming Media Player C:\Users\Willie\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
mskapbho.dll c:\Program Files\McAfee\MSK\mskapbho.dll
Veetle Broadcaster Plugin C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
Veetle TV Core C:\Program Files\Veetle\plugins\npVeetle.dll
Veetle TV Player C:\Program Files\Veetle\Player\npvlc.dll
VSCORE.14.0.0.435.x86 C:\Program Files\McAfee\VirusScan\scriptsn.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\ieframe.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
(verified) NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

Scan
----
MD5: 1df47addb00773eb695cc7e953e1fd2d C:\Program Files\Adobe\Photoshop Elements 7.0\platform.dll
MD5: 3faed1c7b0e37e78c532243edc25baec c:\program files\askbardis\bar\bin\askbar.dll
MD5: 6060390ac5b9f7ec2e62b1eb2d5d50c6 C:\Program Files\AVG\AVG9\avgcfgx.dll
MD5: e9dc2ece7a0c77821b2c6364086f239b C:\Program Files\AVG\AVG9\avgchjwx.dll
MD5: c4bd9b642be1f65663b34fbad79ffab2 C:\Program Files\AVG\AVG9\avgclitx.dll
MD5: a43e97f3ff01b6f0a21c848454e98c13 C:\Program Files\AVG\AVG9\avgcslx.dll
MD5: 24192e5f8af8692837e7b76041666646 C:\Program Files\AVG\AVG9\avglogx.dll
MD5: 3d9895b981afac3ce2abe9c0a63d949a C:\Program Files\AVG\AVG9\avgpp.dll
MD5: 0f80a1a931a25a39a6f339fbd001bf3f C:\Program Files\AVG\AVG9\avgsched.dll
MD5: 7f18c04f815ddcbeb9e836756cafc479 C:\Program Files\AVG\AVG9\avgssie.dll
MD5: 91116b8ae59b0f0d2f0d7830c53dcde2 C:\Program Files\AVG\AVG9\avgtray.exe
MD5: 91b4689702cc07266246dd2b4e8a4a33 C:\Program Files\AVG\AVG9\avgwd.dll
MD5: a4366a74809a0c5f4e8a25d3df8d4356 C:\Program Files\AVG\AVG9\avgxpl.dll
MD5: 11add8816d61a6025844eb5123ec92d3 C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
MD5: bab1ad65778824ce73586537b9f89bd1 C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
MD5: 636aafad77beabe192d01e7e74f4a45b C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
MD5: ffe63d58d90cdb81b7688a37cdce0715 C:\Program Files\Common Files\Intel\WirelessCommon\TraceApi.dll
MD5: f415a88162d23977b5edae4f0410e903 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
MD5: f76d04f7413b07daa029f6520b64b4e8 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
MD5: 938acf2a4f7fdaff322fd36f0b14d45a C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MD5: 1264f787e46dc572fa274ca09b446e01 C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
MD5: d8215953426f83513c30f2df2cedf2a1 C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
MD5: 37bd97aa0be89f027b61e67b0df5dfe8 C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
MD5: 4b9cbc54fa3a846649f59bc185df63df C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
MD5: f036cfb275d0c55f4e45fbbf5f98b3c8 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
MD5: 8aecb4374320c8ed26067508cbb7a8ef C:\Program Files\Common Files\Sony Shared\AVLib\cdsrc.ax
MD5: d72085d6e0fe968568c8b7c77fee13ee C:\Program Files\Common Files\Sony Shared\AVLib\id3parser.dll
MD5: 03f0765c7c810951a5778a4ab46775b7 C:\Program Files\Common Files\Sony Shared\AVLib\OpcAtp.dll
MD5: 54c7372a9e7d02712cf7b172c1eecc5b C:\Program Files\Common Files\Sony Shared\AVLib\OpcCd2.dll
MD5: ee7dba04cc133045f39ded28050f38d4 C:\Program Files\Common Files\Sony Shared\AVLib\OpcDs.dll
MD5: 879c5de4a56ee2edb30f9dfa65dd8dd1 C:\Program Files\Common Files\Sony Shared\AVLib\OpcHiMd.dll
MD5: c4489d47a286085a29ce289234163fe1 C:\Program Files\Common Files\Sony Shared\AVLib\OpcOmg.dll
MD5: 5d43d0ba9e0c2f8782077f660dfe916f C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
MD5: 2a7015fca1d6eeea6f35dd5a91116335 C:\Program Files\Common Files\Sony Shared\OpenMG\MigrateToGM.dll
MD5: e04d74f827c99dade6c8fa515f9380da C:\Program Files\Common Files\Sony Shared\OpenMG\omgconv2.DLL
MD5: 4cb530d6476fcb564602697b25e12be0 C:\Program Files\Common Files\Sony Shared\OpenMG\omglgd.DLL
MD5: e4dbb1175ff64ba51f1dba271e56466f C:\Program Files\Common Files\Sony Shared\OpenMG\omgmisc.dll
MD5: 50cc404170e8b4e1e259ae1ba05bc3f7 C:\Program Files\Common Files\Sony Shared\OpenMG\omgmisc2.dll
MD5: 71dac34fa0ca0f8201fd7d8a6ae10a4f C:\Program Files\Common Files\Sony Shared\OpenMG\OmgPcMan.dll
MD5: 7f2f8900a2abae0db7b93c80ac2c4dd6 C:\Program Files\Common Files\Sony Shared\OpenMG\OmgTrans.ax
MD5: 9c8d3b89f2a824dcdfb8904853d34ffe C:\Program Files\Common Files\Sony Shared\OpenMG\OMGUtils.dll
MD5: 077bc7dc874d340c2014b4bedf788ce3 C:\Program Files\Common Files\Sony Shared\OpenMG\OpcCd3.dll
MD5: c29ac039efa61c653be39ba613dad750 C:\Program Files\Common Files\Sony Shared\OpenMG\OpcEa3.dll
MD5: 2dde0b3c945e480c853aa205a5ba64e2 C:\Program Files\Common Files\Sony Shared\OpenMG\OpcKdr.dll
MD5: e31047ac264d63ecab6544f22fb2ebc9 C:\Program Files\Common Files\Sony Shared\OpenMG\OpcMp4.dll
MD5: 2e7a983f90d940f442ed9ff525f784c5 C:\Program Files\Common Files\Sony Shared\OpenMG\pfcom.DLL
MD5: 320bb6d3933486ddbd7909a973bad420 C:\Program Files\Common Files\Sony Shared\OpenMG\salwrap.dll
MD5: 7699c377e734c61c55f13ecaaf029a85 C:\Program Files\Common Files\Sony Shared\SOHLib\CacheDataBase.dll
MD5: 98d8413d39550ca68b3cfaa3642d5797 C:\Program Files\Common Files\Sony Shared\SOHLib\dbcore.dll
MD5: 5acb61a284ad16ad7eb68129498398a9 C:\Program Files\Common Files\Sony Shared\SOHLib\Extension\Drptranscoder.dll
MD5: 91bfa89f8f58629eb71bac2c076a8499 C:\Program Files\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll
MD5: 35fc0b738ab35cf0086f4939b40934cb C:\Program Files\Common Files\Sony Shared\SOHLib\LocalImporter.dll
MD5: bb5decd5b87b7de2a675e5f73f76a9e7 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCIIF.dll
MD5: 7b24efa2a60ba7388fecda63ab24560a C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
MD5: 6930b1b8491d3e30df3a1e074ccec6c0 C:\Program Files\Common Files\Sony Shared\SOHLib\sohdb.dll
MD5: 140fcf5ffae4efba9740a9fd8b49e0bf C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
MD5: d8c244121a06b581b097d9617d94cff1 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
MD5: 2db561887ea122b946bbe2821473edd8 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
MD5: 4ec25cfa96408bc30319624da177e4be C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDsDll.dll
MD5: 29d9b24edf0214c21cecf4ce246c6b43 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHNCI.dll
MD5: ab9ee246a1eb2c3c7c6cb16e0b9462f7 C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
MD5: f4f665684ad9ece239ed769077d3ddf2 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\CDSObject.dll
MD5: 0beedf4b54383e95973f38df1ac7260e C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\HttpClnt.dll
MD5: 3c306a0ef074404d48774a8e31d8918e C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\HttpMsg.dll
MD5: ac2e2c03e4aee6d6b1a0a44daadbc8b5 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\HttpSvr.dll
MD5: a44b68cb46d1483d6153a9ee184ea4c3 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MediaTranscoder.dll
MD5: ec880cf148e61d75898834d3dcae6f46 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MediaTranscoderMan.dll
MD5: 208cf336ff66fd9c2cea063dc76a867d C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsAviTranscoder.dll
MD5: 8277ce1dd3af679b537ca0307e7ed013 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsCommon.dll
MD5: 23bf02c7a48de0be9c5d348e0047061c C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsDvrMsTranscoder.dll
MD5: 7b899b9ae09ebc8de934a2ba7c5e0523 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsM4aTranscoder.dll
MD5: 502bae92ac16c875940fc082718e2f27 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsMp3Transcoder.dll
MD5: aaa9ab05f59f6fab1c9a6228d8a5ae63 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsMpeg2PsTranscoder.dll
MD5: 0b5513621ba0a33523090fac09007479 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsMpeg2TsTranscoder.dll
MD5: 8b04ce41384b22a0ad424567a9fe2d82 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsMpeg4Transcoder.dll
MD5: 049856338de3c7f944acc938268d9275 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsMTAMarshall.dll
MD5: 065d168015871f580261e241d38407d3 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsOmgTranscoder.dll
MD5: 12cb1b2b5c974d397ae9a3dd9b3bd7cf C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsWavTranscoder.dll
MD5: 19731cfaa700198b24e9acad7f3f328a C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsWmaTranscoder.dll
MD5: 3c4eab796b74dd39cf5bbc774edb1913 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MrsWmvTranscoder.dll
MD5: 7105c9d6d5a39927600e557bb488a9f4 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\MTServer.dll
MD5: eb737a1540718824862da900f1a37ac3 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\PluginConfig.dll
MD5: 77bf73946a0657862c3e9bfae9b9fbe9 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\SoapUtil.dll
MD5: a53cb9122fecb3045c1d7bcc43d6faac C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\UPnPCP.dll
MD5: 35eceb4b6db7ac7048cd70c3a9e53d70 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\UPnPCPProtocol.dll
MD5: d4edbb50a262bf3ff1ccf2037c22f5cc C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\UPnPDescInfo.dll
MD5: 63959e8124106d44ae5c403d1ef932ea C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\UPnPDevice.dll
MD5: e8db9b038dabff5b41a3a1ec5221dd34 C:\Program Files\Common Files\Sony Shared\SOHLib\Sony.Mrs\UPnPDeviceProtocol.dll
MD5: 2c994d0ca514551136828d4eed22e607 C:\Program Files\Common Files\Sony Shared\SOHLib\sqlite3.dll
MD5: 9ae8654728b0012b1b66a2121eeb7ef7 C:\Program Files\Common Files\Sony Shared\SOHLib\UK\SOHDmssr.dll
MD5: 607ef23f6671877388cd0e93ae15362f C:\Program Files\Common Files\Sony Shared\SOHLib\VCFwSOHPlugin.dll
MD5: a1349322cf52e6fac92ed4bba98147fc C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll
MD5: 751a23dafa5198e7d0193ebce40737cf C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpCustomIpp2.dll
MD5: ad4ca877aa05f3a300fe4f9aa350641c C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpDvAviEngine.dll
MD5: 04809e52e956a52a3cd61c0730dac51b C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpDvAviObject.dll
MD5: 91378e02d08debb83fd4ec0dd8cadd97 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpDvEngine.dll
MD5: b74660ea0b6012032b9653dcb5c446c2 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpGeneralObject.dll
MD5: e309c9df842b86c1bcbdae3dab4fa826 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpMediaObject.dll
MD5: b186d225d070bf74760767e8cdd9687c C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpMP4Object.dll
MD5: 5089920a95add0c6b93149ebbf604f07 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpMpegObject.dll
MD5: 19d484262f06b9f3acb7e9f84e2d79e2 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpRawDvEngine.dll
MD5: d5460b05a00380c906ccbb1079c909d6 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpRawDVObject.dll
MD5: a78c70788f5b81c3019845c573885488 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpSoundObject.dll
MD5: fc902e4f583db74dc5f97ca54933a1bc C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpStillObject.dll
MD5: 1113c167cf57329c4debb4962209c7e0 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\DrpUtility.dll
MD5: 1a58df947f7e1bad68c0847c69781024 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\sonydvau.dll
MD5: 3e5097d2f01bb823b0c256e64fd2ce78 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\sonydvvd.dll
MD5: 1c57360a19f9587dc38a20cb355f97bb C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\sprcxc.dll
MD5: 721a1677fd204ab065238504d9268d92 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
MD5: 13f4b46b8c2ed535d826b55f1611fd59 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFwPlugin.dll
MD5: f8bd1e1cdbd14863954efcd62ed39707 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFwPluginVzCdb.dll
MD5: 70b2852a03952d0a4cf8dcab8f0036b3 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VzCs.dll
MD5: 19fac3f65e41e0ba07767727808e5aaf C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\sonyuppc.dll
MD5: 366cd1d2ee1ac950a800437dc4c98101 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\UPnPCtrl.dll
MD5: 313ce91f1b734e2e02f0f4465b52115a C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
MD5: 3680e376cafb26e53acecb401d2a3c35 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSWEXEps.dll
MD5: 986e387d6706b31f9648cc684b752f09 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\MSVCP71.dll
MD5: b822691bc2506961e5f1ae801af46abb C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\MSVCR71.dll
MD5: 8b7431ac1a59a9b081f752e83f30699b C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdb.dll
MD5: ed3fa14b2e56783c40137d5d9039e34a C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbLocalDB.dll
MD5: 116f1107befe9d947e61f29886b6b085 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSsDB.dll
MD5: 79eb419f4a694b4514249e0d3db16ecf C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
MD5: 30107cb8ea70d5ee29a3f9a60abdf361 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvcPS.dll
MD5: 59a54f0071f5a1448910cb3771846221 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbVcds.dll
MD5: 4e7135d6d0127067e4cfee12259f895d C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
MD5: 30a6023a2b3cb5cec831288df60ca5df C:\Program Files\Common Files\Sony Shared\VcmMgr\VcmMgrIf.dll
MD5: 09ebe8492139fcb6dd3f49d61a501dfd C:\Program Files\Common Files\Sony Shared\VcmMgr\VcmMgrPluginIf.dll
MD5: b56cd01f36eef2967ef18d8df0e5c285 C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
MD5: 9ed589ee989f2ae0492fb1b970b0789d C:\Program Files\Common Files\System\ado\msado15.dll
MD5: d4daa80b44a6c904d87a79ccd10ff911 C:\Program Files\Common Files\System\msadc\msadce.dll
MD5: 9e064b07b1625bff18393917519a73cd C:\Program Files\Common Files\System\msadc\msadcer.dll
MD5: 2b13e9849acc136e65aae5acc6a89826 C:\Program Files\Common Files\System\Ole DB\msdasql.dll
MD5: c3d821190c04c6782b65cdf00896a7b0 C:\Program Files\Common Files\System\Ole DB\MSDATL3.dll
MD5: 951f36219c7384c6ed6c9f44d45c5235 C:\Program Files\Common Files\System\Ole DB\oledb32.dll
MD5: 892125b60ba6c2a66f485a89c4a6b918 C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL
MD5: f101c848a95fdc6474a66a9d395eaaeb C:\Program Files\Common Files\System\wab32.dll
MD5: b938c1ae3adce166190895685b0beb0d C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
MD5: bc8ab9aa21934b663a07f79f7efa0123 C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
MD5: 3d2c49ed6f0bbb07d7cca0ca61f44f8f C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
MD5: 8c2044169be2224c8a7cb8e81e7581af C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
MD5: cb686f44bf955ea02520710a56874fa4 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
MD5: 974ee55b9a17d606a783add021aa65ad C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
MD5: ac31c3fc0b28f54f4873c5136be525f8 C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID_ENU.dll
MD5: 791464a9e9ade063327a29f1b3f1a86c C:\Program Files\Intel\WiFi\bin\EvtEng.exe
MD5: b575e7bb82bd1da97bb0a13a1f3f6618 C:\Program Files\Intel\WiFi\bin\IntStngs.dll
MD5: cb26ac62138f9ac470aa3a0d74bb859e C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
MD5: e8d9c671912774ba38d1f7a345b72f5b C:\Program Files\Intel\WiFi\bin\MurocApi.dll
MD5: 07cdb63f6171c4ff6f4ecd4d07a06720 C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll
MD5: 82161522cf0e2238f0f175e0d038f14f C:\Program Files\Intel\WiFi\bin\PfQOSMgr.dll
MD5: 0aeb3e31266e64e3c832b7d663bd5184 C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll
MD5: 2c5168c856455cc43c4b4e1cc1920001 C:\Program Files\Internet Explorer\iexplore.exe
MD5: 88e49c2b7e75b1d9695d6a063f28a8bb C:\Program Files\Java\jre6\bin\jp2ssv.dll
MD5: 4ebb5b4dcabec18b29d01f9f607b0114 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: ed60ffd305ac0424920d146db9f9ed78 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
MD5: 6c4a3804510ad8e0f0c07b5be3d44ddb C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
MD5: f508f39eb8b3e6fd14beff8293e59345 C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MD5: d8d95f3867c2c93d012660e59e80db20 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
MD5: 844c363b47960cafcd81e5285269f280 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
MD5: 026423673b8563e9975bda97ed6273c7 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
MD5: 0af0c0c737ee9ba80a1c0b72fe9022c8 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
MD5: 94e920be59b9ab65d95e582dbaa136ac C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
MD5: f751c546a9a586a09ad64274529f8e9c C:\Program Files\McAfee.com\Agent\mcagent.exe
MD5: 62f43f7196d9ddad458bd158bad5a05c c:\Program Files\McAfee\MHN\McENSrv.dll
MD5: cd94b9ec018df4daabae94bf43fa37dc c:\Program Files\McAfee\MHN\McMhnVer.dll
MD5: 85ce16302bbcdd05b6305cbd2501e91a C:\Program Files\McAfee\MPF\2057\L10N.DLL
MD5: f6e134767c574a65edb59da6be05220f c:\Program Files\McAfee\MPF\MC\MpfMISP.dll
MD5: af8b4430e1e00ed44888b1098978b014 c:\Program Files\McAfee\MPF\MC\MPFP.dll
MD5: 0655d440057942de2beeb8fad145490e C:\Program Files\McAfee\MPF\MpfSrv.exe
MD5: ebb7a9ed3b73a3d5d930292bc6a69dbf c:\Program Files\McAfee\MPS\mps.dll
MD5: ad880ac83ab2e0c6ba1755bee2163aa9 c:\Program Files\McAfee\MPS\mpscfg.dll
MD5: b445b0f6261b109ef2cbd934230de9c9 c:\Program Files\McAfee\MPS\mpsmspap.dll
MD5: dc0d54b69f6fd026ccadcf3ccc8485de c:\Program Files\McAfee\MPS\mpspc.dll
MD5: 1791e6a05de53efe7b97e7c4f34cdd16 c:\Program Files\McAfee\MPS\mpspii.dll
MD5: f93594a6b934514657e8dd72947751d8 c:\Program Files\McAfee\MPS\mpspv.dll
MD5: 362629057ddcf1044e8c81c4e45eecd1 C:\Program Files\McAfee\MSC\2057\mclocres.dll
MD5: e9e70020089df9fc2b1f7abcb219bfed C:\Program Files\McAfee\MSC\mccobres.dll
MD5: 41a6d362ba18a526a3f41aaa7889049c c:\Program Files\McAfee\MSC\mcprotpv.dll
MD5: 349d0eb519a7ff4a0d8bee6183b1f94b c:\Program Files\McAfee\MSC\mcsubmgr\9,15,126,0\mcsubmgr.dll
MD5: 1a8083f0a96be57e87649962200467a8 C:\Program Files\McAfee\MSC\oem\649-1\Mccobres.dll
MD5: a5087fda9b99a30fa76b8efa2e00ba1c C:\Program Files\McAfee\MSK\masecore.dll
MD5: 7b54980334e33fc209b5c56d80bf5a60 c:\Program Files\McAfee\MSK\mskapbho.dll
MD5: ca48acd6ff8060976566f950728ac71d c:\Program Files\McAfee\MSK\mskengn.dll
MD5: 72d2127d7ccb50e8fd42ee60ad1a2505 c:\Program Files\McAfee\MSK\mskmisp.dll
MD5: 29731bb7ea576ba3774ec4d04c481ce4 c:\Program Files\McAfee\MSK\mskoeplg.dll
MD5: fed2b04938442271ef02d56e567f0bc1 c:\Program Files\McAfee\MSK\mskpxplg.dll
MD5: 6b9c5962232c676df2a8892320100ebf C:\Program Files\McAfee\MSK\MSKSet.dll
MD5: cf3c267356f458be85c5034bfc382022 C:\Program Files\McAfee\MSK\msksrver.exe
MD5: 7a558aabfbcd26d8cc5c3b0240f82760 c:\Program Files\McAfee\MSK\mskupd.dll
MD5: f8d5b6bcdf621934be8e1d70b7ab447a c:\Program Files\McAfee\MSK\mskwm.dll
MD5: 67877a56d2e07301145c812cc8f0adcd c:\Program Files\McAfee\MSK\mskxaif.dll
MD5: 3bfe01574ceb5a5708b2a89af79e09f6 c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MD5: 248ac0cde13e6724a3a7d9cebebc8b3c c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MD5: 0b135994a76efb60febe207c78c5beba c:\Program Files\McAfee\SiteAdvisor\mcbrwctl.dll
MD5: 12d6f3ed1ac256836e4401fdff49b5c3 c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MD5: 9df36b181745a7566a493a201af30007 c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
MD5: f5f945ab625031a276c6a8e8f92c3bdc C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MD5: 597c2e1c4be08e1083530b4ef047ba37 c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
MD5: 62cdfbfd0dbc59de7d576b5dbd3ae370 C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
MD5: 95935894f9a2998752647300023da5bd c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MD5: f0b78dab8bc4db0bcf51f0a1138416d5 c:\Program Files\McAfee\SiteAdvisor\saplugin.dll
MD5: e6361f1f2e079d568fb4a753a4465a48 C:\Program Files\McAfee\SiteAdvisor\SaSSHMod.dll
MD5: bd4abdd6f38fe9bbd3d93b0c901282f8 c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
MD5: ed6512635e0e85ea7769668e2237cde0 C:\Program Files\McAfee\VirusScan\2057\esplgres.dll
MD5: 5ddf0e035f58cf512f5f6c78ce57fc11 C:\Program Files\McAfee\VirusScan\2057\vscobres.dll
MD5: 9c64289e6b6d270a50dae8fa0972fcb1 C:\Program Files\McAfee\VirusScan\Engine\5301.4018\mc5300up.001
MD5: 7d2db489f984628a63aa4d3703b079b4 C:\Program Files\McAfee\VirusScan\Engine\5301.4018\mcscan32.dll
MD5: 75f977db770aff97dbe5bd6fe75799c0 C:\Program Files\McAfee\VirusScan\lockdown.dll
MD5: 758e8d15c6a8ba81d91e8c1cdfa0d92d c:\Program Files\McAfee\VirusScan\McVsPP.dll
MD5: 1b2758fe0fbe30f61f2161aa594ad684 c:\Program Files\McAfee\VirusScan\mvsap.dll
MD5: 172dea0f4b38cc879332c8f8ea2e5917 C:\Program Files\McAfee\VirusScan\mvslog.dll
MD5: 0f6b0b0676a2b8120f565e7927df3f5a C:\Program Files\McAfee\VirusScan\mytilus3_worker.dll
MD5: d87b77d43c2e58db4ca78feed5dce4a1 C:\Program Files\McAfee\VirusScan\naiann.dll
MD5: eef060288cfd52f4de483c76cd12daa8 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MD5: 8a735fa5ae54d6f6134bb85300e51a20 C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt.dll
MD5: 276bff84ad77dd23e1085e191f5a591f C:\Program Files\Sony\Network Utility\NSUService.exe
MD5: 841bd50fb157a58214954962016600b0 C:\Program Files\Sony\Network Utility\PluginBluetooth.plugin
MD5: 69b700bfa65e901133a74fb0bf2bb052 C:\Program Files\Sony\Network Utility\PluginEthernet.plugin
MD5: 61bbaf5dea1f9f533850e4a3553d0804 C:\Program Files\Sony\Network Utility\PluginMgr.dll
MD5: 3cb1852bdcaa54cd2c710c25fe3785d7 C:\Program Files\Sony\Network Utility\PluginRas.plugin
MD5: 880f6ccdb4a1a62052fe10677c5f1f99 C:\Program Files\Sony\Network Utility\PluginWlan.plugin
MD5: 0bf53ba013c049eb30a61e4546aad773 C:\Program Files\Sony\Network Utility\PluginWwan.plugin
MD5: 6d513f094ccc522806db0f0aed486972 C:\Program Files\Sony\VAIO Control Center\CommonSetting.dll
MD5: 14bad6d84ba14cf65d615097973ac4fd C:\Program Files\Sony\VAIO Event Service\VESAppMon.dll
MD5: 2ea0b8689fc9765dda4bc4af7696ac09 C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MD5: 382ae85f99ed8ad013434e97e34386b3 C:\Program Files\Sony\VAIO Event Service\VESColorMgr.dll
MD5: 1e2cc9bce1679114821f3fb79648a858 C:\Program Files\Sony\VAIO Event Service\VESHKWndCommon.dll
MD5: 73328c784ecfe7072bd102f370076b50 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
MD5: f0beaccb834089b81d6c7e9fa37fb4e6 C:\Program Files\Sony\VAIO Event Service\VESPerform.dll
MD5: fe729b40b02262e0c5ae7f4d37cd3763 C:\Program Files\Sony\VAIO Event Service\VESPowerMgr.dll
MD5: 69bdc7bc6b65d3dcc9c81f84228b3e94 C:\Program Files\Sony\VAIO Event Service\VESSemiPnP.dll
MD5: a81a43ca2befc3cebc92f217c285f2ed C:\Program Files\Sony\VAIO Event Service\VESStorageProtect.dll
MD5: 81a2305b270701fff632c721c27102c2 C:\Program Files\Sony\VAIO Event Service\VESSuEvent.dll
MD5: ad276eb8958197bcfda2a2a247edc31f C:\Program Files\Sony\VAIO Event Service\VESSuPerform.dll
MD5: f6c7ba1d4aa3219dc10351f98d66b7ee C:\Program Files\Sony\VAIO Event Service\VESTransform.dll
MD5: f60899a640c5b77471b6b58fd9e448ae C:\Program Files\Sony\VAIO Event Service\VESUSBKeyboard.dll
MD5: 77f252c539bb57fdcda348755e7a921c C:\Program Files\Sony\VAIO Event Service\VESVideo.dll
MD5: c62bf37866921904ced236ac79c402eb C:\Program Files\Sony\VAIO Event Service\VESWndMsg.dll
MD5: b3c004ae7f500cbbf3ff2aee2697f63c C:\Program Files\Sony\VAIO Launcher\AML.exe
MD5: 4ad091acb805317cf3b61038ed3525c8 C:\Program Files\Sony\VAIO Launcher\VESAVModeButton.dll
MD5: d9270148c41021fd38be182e307d8e51 C:\Program Files\Sony\VAIO Power Management\SPMDrv.dll
MD5: c093d9bbb358aaacaa3533530ee7ee2a C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
MD5: 45a9ae4768840830d0239b52dfdc806a C:\Program Files\Sony\VAIO Power Management\SPMService.exe
MD5: 1fc75ae9fb9cd63af9a9bd416c4bdfff C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
MD5: a800c6fc6c86647b6ba36c25baef99ab C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
MD5: 844c5fdc4ee5a546bc2f09d3bf0cf719 C:\Program Files\Sony\VAIO Update Common\VUAgentPS.dll
MD5: 76db028293788229506ac0eda70cbfcb C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzDbNotifyVep.dll
MD5: fd03ac6cd1571aa8b2ff56d3c600e26e C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
MD5: 81c92a837dda283a3ebbc9c3419315f3 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzQueueContents.dll
MD5: 3a6cac794e239da07ee178503b0ddd1f C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzTimerWapi.dll
MD5: 5ce6d96c5210d5b0145ee39c0b8e7c8a C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: 866b027053f3a40bc36126d265c78e96 C:\Program Files\Veetle\Player\npvlc.dll
MD5: dc45b20ec28d0b626da2f3df12d0fd78 C:\Program Files\Veetle\plugins\npVeetle.dll
MD5: 30740221c0ae535da3fa7228c1c5a826 C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
MD5: 6075ab485ac06f4ca229a345250b7ea8 C:\Program Files\Virgin Broadband Wireless\AffCrypto.dll
MD5: 66af9991f7eaf6e95f088b4e4bc1e5ac C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
MD5: 5dd891d899679af38406b09ee33ffe34 C:\Program Files\Virgin Broadband Wireless\AffinegyServicePS.dll
MD5: 43e9ddee19a28b248131fd820529f638 C:\Program Files\Virgin Broadband Wireless\AffIpHelper.dll
MD5: 4fae52e93152cb8b5dda73b281c10278 C:\Program Files\Virgin Broadband Wireless\affNdis.dll
MD5: b2292e10dc5e1103c678f9f3a7eb98ad C:\Program Files\Virgin Broadband Wireless\AffStateMc.dll
MD5: e2cb5f0ebf2739554284251ec8593d0a C:\Program Files\Virgin Broadband Wireless\W32N55.dll
MD5: 1d1d81a45ecad70bada52de8fb332961 C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
MD5: 631ecf72f989abfe00d29303de01e547 C:\Program Files\Virgin Broadband Wireless\Wireless ManagerLOC.dll
MD5: 07e9b400111ffab04492c239b66473a9 C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
MD5: 7a94960ffd3abe61c2f909be1a211f7f C:\Program Files\Virgin Broadband\advisor\nprpspa.dll
MD5: c7616dcbf49b13a56e46be5dbbf0c4d6 C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll
MD5: 7e8c63ca3b19d976d249d8246b6ab579 C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MD5: 194241c06214a351e53f97682d1e9d3e C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll
MD5: c64d5b105aadbf430ae8954634362647 C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
MD5: 7d1ca8f474782146c8bcdd3353586521 C:\Program Files\WIDCOMM\Bluetooth Software\btosif.dll
MD5: c5a5f29607c895d4b77e50ad30c5e536 C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll
MD5: c66573df254f7253a0fae2696b63398f C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
MD5: 8d63ef4215157930ddc87696fda21e7c C:\Program Files\WIDCOMM\Bluetooth Software\btwapi.dll
MD5: 93d5561c2b0a913531d977669778a053 C:\Program Files\WIDCOMM\Bluetooth Software\BtwCP.DLL
MD5: 2c50a18375ef2571f09d9daf83192762 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
MD5: 2f60e1a209f388ba3d560c467de37f06 C:\Program Files\WIDCOMM\Bluetooth Software\btwhidcs.DLL
MD5: b7dc98f6f4e7611a9c0849945fb28fb9 C:\Program Files\Windows Defender\MpOav.dll
MD5: e3d0a0328525d679a148bc6505ea327b C:\Program Files\Windows Mail\MSOE.DLL
MD5: 69fd110db660fa0b9b48332b2cf8169a C:\Program Files\Windows Mail\msoeres.dll
MD5: 85b8e9132595601813d62dc6d6142f90 C:\Program Files\Windows Mail\OESpamFilter.dll
MD5: 7e6ea9cb72b5de84a5d700bed877e5f9 C:\Program Files\Windows Mail\WinMail.exe
MD5: a070b8c38ceb3a30cc18d1b7c433144c C:\Program Files\WinRAR\rarext.dll
MD5: c3e038568be51e1c47dd807f8f9a3ce6 C:\PROGRA~1\McAfee\MHN\McENUI.exe
MD5: 16c25d0d0a5f64c16459a19cb29c0606 C:\Users\Willie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
MD5: 56fc8294fbbb6c793b6c3ad277f512aa C:\Users\Willie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
MD5: 0f186b55af315a2d240061e94df5303a C:\Users\Willie\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
MD5: 51a4930ae13ec5b9a4b3c7d5f11dd676 C:\Windows\AppPatch\AcLayers.DLL
MD5: f4d241169a2635e28732ca51c3adb1ec C:\Windows\AppPatch\AcRedir.DLL
MD5: a0b22cd7628dbda754fb254e55f0ac80 C:\Windows\AppPatch\iebrshim.dll
MD5: b74bb4fa1cb68892caf2e3a586a55e23 C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MD5: 7d5693b76b5146060b7a16dd704b30ef C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MD5: 547198a24e5a4bcae8093344a30b9b4a C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MD5: 0a366ef3bc2476c2caa3eae81ea58cd3 C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MD5: e4d81332111b077d177fed31ecbc1267 C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MD5: aa78449ea277d52d315ff2edc70d92c8 C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
MD5: a24c912115a7fa0d8ff9e44595cafff0 C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MD5: f976dfbf212d7af5b195a9a2d9f616e4 C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MD5: 1565b7fafdfa6eee16101388e57e749f C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MD5: 3b90699f5cb0ed08d00a837014262495 C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MD5: d59a5b6ebfce6dbf9ee5d8a72eb8219b C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MD5: e249d1b3114088c0d390a60643bf2bbc C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MD5: ce45722a3393b63843de48f314cf6b3f C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MD5: b46192d9a0cb3072cb604a7691003cff C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MD5: d709af78422f6f0ef09cd0b79cfe743f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MD5: a9bb8332bef887a0f4adc3c88cc35bfc C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MD5: 28a295aa6abd45f4557b6c00d0f8c5b1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MD5: 8c70a2b884ffbbae50bbd21fb962a846 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MD5: 3b308420e61d1d218c2d6d6915756487 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MD5: 1fa2274532e71bc48bbcc0046a5d4c4a C:\Windows\Downloaded Program Files\qsax.dll
MD5: 6717ae12e326dd1e39f6ee183a37dc0f C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: ee59d3cdfab2e808551084165c7887bf C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 35a936c7c029a5b705d3ffd40518d660 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 58f57f2f2133a2a77607c8ccc9a30f73 C:\Windows\system32\acctres.dll
MD5: e9b9c1b98c8d6d48407e1c1203eac659 C:\Windows\System32\adsldpc.dll
MD5: c77f71aa825263541965846edd9e8729 C:\Windows\system32\ADVPACK.DLL
MD5: 46a3c158e45cd72296def7eea4503945 C:\Windows\system32\ArcSoftKsUFilter.dll
MD5: f31eebc1a1c81fd04005489cc3dcdfe7 C:\Windows\system32\basesrv.dll
MD5: f21f255b91ca4f04e4250decd2067cbb c:\windows\system32\bitsperf.dll
MD5: 02f0be91b0f2b1c30f6f48334f47d625 C:\Windows\system32\BlackBox.dll
MD5: 169f4763d943fb712948292066318635 C:\Windows\system32\catsrv.dll
MD5: a36e1a0cb17dddf6e0bf3cea4e7a52ec C:\Windows\system32\catsrvut.dll
MD5: d333058925ce305e39de8d5ad2b52a46 C:\Windows\system32\CLUSAPI.DLL
MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe
MD5: 7f15b4953378c8b5161d65c26d5fed4d C:\Windows\system32\cngaudit.dll
MD5: bf6f0c2df119f71c22c00525adf2ee56 C:\Windows\system32\corpol.dll
MD5: 93e317d7ad783d8eaee2e3500bfe889d C:\Windows\System32\credui.dll
MD5: 498961deaac558a5d85f7596cbca6dc3 C:\Windows\system32\CRYPTDLG.dll
MD5: ca111717010609a03b2720fcb1634daa C:\Windows\system32\CSRSRV.dll
MD5: abca209eba02cb59233614db83b4f50d C:\Windows\System32\csrss.exe
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll
MD5: 57d762f6f5974af0da2be88a3349baaa c:\windows\system32\dnsrslvr.dll
MD5: 3911b972b55fea0478476b2e777b29fa C:\Windows\system32\drivers\afd.sys
MD5: 1961590aa191b6b7dcf18a6a693af7b8 C:\Windows\System32\Drivers\AFGSp50.sys
MD5: 857b48965a0503b7ab795d4bfe7cbd8b C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
MD5: 80ff2b1b7eeda966394f0baa895bbf4b C:\Windows\System32\Drivers\avgmfx86.sys
MD5: 9a7a93388f503a34e7339ae7f9997449 C:\Windows\System32\Drivers\avgtdix.sys
MD5: 35f376253f687bde63976ccb3f2108ca C:\Windows\system32\DRIVERS\bowser.sys
MD5: 611ff3f2f095c8d4a6d4cfd9dcc09793 C:\Windows\System32\Drivers\BTHport.sys
MD5: d330803eab2a15caec7f011f1d4cb30e C:\Windows\System32\Drivers\BTHUSB.sys
MD5: 6e41621e03d91167ceae555ce2b468b8 C:\Windows\system32\drivers\btwaudio.sys
MD5: 7e67b295081b33ea22c0fb04798b306c C:\Windows\system32\drivers\btwavdt.sys
MD5: 54c2ee0a3cec586629035d771aacae67 C:\Windows\system32\DRIVERS\btwl2cap.sys
MD5: 4b4f992ee709c40efd33ba4d2bafa402 C:\Windows\system32\DRIVERS\btwrchid.sys
MD5: 622c41a07ca7e6dd91770f50d532cb6c C:\Windows\System32\Drivers\dfsc.sys
MD5: f206e28ed74c491fd5d7c0a1119ce37f C:\Windows\system32\DRIVERS\DMICall.sys
MD5: fb85f7f69e9b109820409243f578cc4d C:\Windows\System32\drivers\dxgkrnl.sys
MD5: 5a87127718873bd7f3bd7ac42b951d8e C:\Windows\system32\DRIVERS\hidir.sys
MD5: db0cc620b27a928d968c1a1e9cd9cb87 C:\Windows\system32\drivers\iastor.sys
MD5: 0d8ba4a407a3369039cc375b8f23627e C:\Windows\system32\DRIVERS\jmcr_cfs.sys
MD5: 336abe8721cbc3110f1c6426da633417 C:\Windows\system32\DRIVERS\Lbd.sys
MD5: 69a6268d7f81e53d568ab4e7e991caf3 C:\Windows\system32\drivers\mbam.sys
MD5: 95675c3398dcc084c8d1dc35cc4e9e01 C:\Windows\System32\Drivers\Mpfp.sys
MD5: 1e94971c4b446ab2290deb71d01cf0c2 C:\Windows\system32\DRIVERS\mrxsmb.sys
MD5: 4fccb34d793b116423209c0f8b7a3b03 C:\Windows\system32\DRIVERS\mrxsmb10.sys
MD5: c3cb1b40ad4a0124d617a1199b0b9d7c C:\Windows\system32\DRIVERS\mrxsmb20.sys
MD5: f0c42e0cdce558d658fa53a222b4ccb1 C:\Windows\system32\DRIVERS\NETw5v32.sys
MD5: 2c7ac27710e8d41c1eb7d1599187d237 C:\Windows\system32\drivers\nvhda32v.sys
MD5: 0e3252ef345ed302ff0b51d388d2a584 C:\Windows\system32\DRIVERS\nvlddmkm.sys
MD5: 001b4278407f4303efc902a2b16f2453 C:\Windows\system32\drivers\regi.sys
MD5: f7d9ecf41ebd3cf6c65944368150f66b C:\Windows\system32\DRIVERS\rimsptsk.sys
MD5: 1be6c42767a7c67ba31ae32b293b37a3 C:\Windows\system32\DRIVERS\risdptsk.sys
MD5: 3aa1f82efa2b0454af163124c9920d16 C:\Windows\system32\drivers\RTKVHDA.sys
MD5: 126ea89bcc413ee45e3004fb0764888f C:\Windows\system32\DRIVERS\sdbus.sys
MD5: c33bfbd6e9e41fcd9ffef9729e9faed6 C:\Windows\system32\DRIVERS\sfloppy.sys
MD5: 41987f9fc0e61adf54f581e15029ad91 C:\Windows\System32\DRIVERS\srv.sys
MD5: ff33aff99564b1aa534f58868cbe41ef C:\Windows\System32\DRIVERS\srv2.sys
MD5: 7605c0e1d01a08f3ecd743f38b834a44 C:\Windows\System32\DRIVERS\srvnet.sys
MD5: 99da94793332aadbb17bbb521ae56e21 C:\Windows\system32\DRIVERS\SynTP.sys
MD5: 814a1c66fbd4e1b310a517221f1456bf C:\Windows\System32\drivers\tcpip.sys
MD5: 55fe712f574da1a726ad74b20886a529 C:\Windows\System32\Drivers\tcusb.sys
MD5: 45a9b22ef9a4fadfa02d60accb4e8202 C:\Windows\System32\drivers\UMDF\WpdFs.dll
MD5: 47b9770ea21436de4ad5aea7926e0900 C:\Windows\system32\DRIVERS\usbcir.sys
MD5: 5c7bdcf5864db00323fe2d90fa26a8a2 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
MD5: ec36f1d542ed4252390d446bf6d4dfd0 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
MD5: 090a2b8f055343815556a01f725f6c35 C:\Windows\system32\DRIVERS\wimfltr.sys
MD5: 780e78694485d405413ae67fade0bc3f C:\Windows\system32\DRIVERS\yk60x86.sys
MD5: b68fcc1f8684ab3ec4be4d0a2537d26d C:\Windows\system32\Dxtmsft.dll
MD5: d12feb0e3ea6063a65a5498ed90fd790 C:\Windows\system32\Dxtrans.dll
MD5: b8a21907fe2f1a113f3487d9ab60bef9 C:\Windows\system32\en-us\tQuery.dll.mui
MD5: b4b59ac042ee3733a862f26cbc0b17fc C:\Windows\system32\hidphone.tsp
MD5: 0c84b6affa7486422235584110d7176f c:\windows\system32\ICAAPI.dll
MD5: dca3fa9f9dd103dc39c24c85ef073db1 C:\Windows\system32\icmp.dll
MD5: b277035d8108c0183c3017587e959155 C:\Windows\system32\ieapfltr.dll
MD5: 7a98ebbf319753bcbbdbcf604e70dfb1 C:\Windows\system32\ieframe.dll
MD5: 9851a8d35d59e2215d9fa738d25205bf C:\Windows\system32\iepeers.dll
MD5: 7e1c059bb78e126f0fca620c211be78d C:\Windows\system32\iertutil.dll
MD5: 4f9ad1e91eae2008970c9510dc1e4496 C:\Windows\system32\IEUI.dll
MD5: 5a005676a0252fbafec8f68162eb9f88 C:\Windows\system32\ImgUtil.dll
MD5: 8ffdeb99eac611d617016f2174d48fc6 C:\Windows\system32\INETCOMM.dll
MD5: 665790240511df6bc40a30e01731f49f C:\Windows\system32\irprops.cpl
MD5: b6b68e431621824dead7027d9cac9f0d C:\Windows\System32\IWMSSvc.dll
MD5: 612c998879796b01b10961413e1bbb53 C:\Windows\system32\jscript.dll
MD5: 74c2f29cc612b2b34231bebd824d2fb2 C:\Windows\system32\keyiso.dll
MD5: 953193a9dea40348c1086d171f6440ae C:\Windows\system32\kmddsp.tsp
MD5: ca0b849566776a17f35f0339be17dfd9 c:\windows\system32\ktmw32.dll
MD5: 19ffad68a02af1bf0bc336ee26cd6767 c:\windows\system32\l2gpstore.dll
MD5: 35d40113e4a5b961b6ce5c5857702518 c:\windows\system32\lmhsvc.dll
MD5: b17d18fd6594aaa25cbc95e799b1bf40 C:\Windows\system32\logon.scr
MD5: d9635f2fe09f9fa9edb668e70cbe2bcb C:\Windows\system32\LZ32.dll
MD5: bd007d624e4cd905ab2e8df2c6de891c C:\Windows\system32\Macromed\Flash\Flash11c.ocx
MD5: de3021b382d37122850280b6392397cd C:\Windows\system32\MfcSubs.dll
MD5: b4f5de3dad8e6b97272f45db97674878 C:\Windows\System32\mgmtapi.dll
MD5: 56e315acfb08a177b4d01e42b9044db5 C:\Windows\System32\MPRAPI.dll
MD5: 554ed6988e44fdf18941429e8b2cb652 C:\Windows\system32\MSDART.DLL
MD5: 50763343b6083a82ddb12739d87016c1 C:\Windows\system32\mshtml.dll
MD5: 325ec1fc0185225f755014a78370b2b0 C:\Windows\system32\mshtmled.dll
MD5: 3f1c39c36588c8c23cf1c1e4f9f20af2 C:\Windows\system32\msidcrl30.dll
MD5: 17a987b488f47783cbbf6a9be2baad09 C:\Windows\system32\msident.dll
MD5: aab5feaabf4cb6f76d794203831c8d94 C:\Windows\system32\Msidle.dll
MD5: f3ebda850cc141768498decaad513299 C:\Windows\system32\msls31.dll
MD5: 1c72eb99c500bc527b009ffdcb7d5611 C:\Windows\system32\MSOEACCT.dll
MD5: 5e41139ec6efbcaffd96d46925e544ab c:\windows\system32\mspatcha.dll
MD5: abe9eea1eabea0711610a637a7b1c25d C:\Windows\system32\msprivs.dll
MD5: ff41e1ac301f51e16f61ad7c0f45467c C:\Windows\System32\msshsq.dll
MD5: 2310a32bb0164552a311bfa02102a3d6 C:\Windows\system32\MSVCP60.dll
MD5: 2fa16465f64db54b1f7f511395eb4fd7 C:\Windows\system32\NCObjAPI.DLL
MD5: f4d9ed6bd74ad7cc0bec83c43a1cb76b c:\windows\system32\ncsi.dll
MD5: 2f6776acefe41ee889c464ea407918f2 C:\Windows\system32\ndptsp.tsp
MD5: 6bc5fcef351e4cb5a269c1e84b5a06da C:\Windows\system32\netcfgx.dll
MD5: 95daecf0fb120a7b5da679cc54e37dde C:\Windows\system32\netlogon.dll
MD5: 4bf053944e973c073339be841c9ecf28 C:\Windows\System32\NETRAP.dll
MD5: 92175ef139bd8fb53be879ca685445bd C:\Windows\System32\NLSData0000.dll
MD5: 8bb86f0c7eea2bded6fe095d0b4ca9bd c:\windows\system32\nsisvc.dll
MD5: 708fb84003732e220c23cdf207f5a329 C:\Windows\system32\ntdll.dll
MD5: 28433e8563e60b7a2c4082f7c015fc90 C:\Windows\system32\nvapi.dll
MD5: b56a57455cf4738d7f7bfb957dafd7f8 C:\Windows\system32\nvd3dum.dll
MD5: b2ef162352a10016740e394710c19894 C:\Windows\system32\NVSVC.DLL
MD5: 9a971fc9ae550fd9495dc4d5c8c27225 C:\Windows\System32\nvvsvc.exe
MD5: 862363973dcbcc31dd161ef41a69153c C:\Windows\system32\ODBC32.dll
MD5: a1b46928e107d770053e6b4d248298a5 C:\Windows\system32\odbccp32.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\system32\ole32.dll
MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll
MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\system32\OLEAUT32.dll
MD5: f0062778f50838145ac46b384ffb4fa3 C:\Windows\system32\pcadm.dll
MD5: b8d3bf818defe1da9a754f214e528221 C:\Windows\system32\pngfilt.dll
MD5: 21322832c99e8de85bd047689a2a69db C:\Windows\system32\pnpts.dll
MD5: b26c0d2b2186ac508b5eff976bb7ff9d C:\Windows\system32\PortableDeviceApi.dll
MD5: 5a87fd90634c9a05157469da2441ebb4 C:\Windows\System32\portabledeviceclassextension.dll
MD5: 290a5aa84c6f06e0b82e94f419fee9c5 C:\Windows\system32\PortableDeviceTypes.dll
MD5: b288ff7c1987a736726e87c79148c360 C:\Windows\system32\PortableDeviceWiaCompat.dll
MD5: e340845c8e96d107c36420065d7a5733 C:\Windows\system32\printcom.dll
MD5: 08f9134a2215b7ed985409a4df60ac60 C:\Windows\system32\psbase.dll
MD5: daa1b96073c79c84f8d28fbf55580415 C:\Windows\system32\PSTOREC.DLL
MD5: 6d01259214d1e815613eca3cd81679ec C:\Windows\system32\pstorsvc.dll
MD5: af322cbdedaea007676f1708cd6ea686 C:\Windows\system32\qasf.dll
MD5: 801f1e963f7eeffda3f9ef89db3ef133 C:\Windows\system32\radardt.dll
MD5: 2dd6af8e97f59c9d39329bbc2a81f13f C:\Windows\System32\RASDLG.dll
MD5: 88225070dd2f7b0b2ed51e7935078641 C:\Windows\system32\RASQEC.DLL
MD5: b9f3ff52b84fd9e3cafb29b8ee385e5b C:\Windows\system32\RESUTILS.DLL
MD5: d32960212b73652f56b2f1c8d5776c0a C:\Windows\system32\RtkAPO.dll
MD5: 4b555106290bd117334e9a08761c035a C:\Windows\System32\rundll32.exe
MD5: 2ab58991862153a248779174d4e4212b C:\Windows\system32\schannel.dll
MD5: 1a58069db21d05eb2ab58ee5753ebe8d c:\windows\system32\schedsvc.dll
MD5: 0a990afb9f2726323d61c8ecb8b70b17 C:\Windows\system32\security.Dll
MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\system32\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\system32\SHLWAPI.dll
MD5: c7230fbee14437716701c15be02c27b8 c:\windows\system32\shsvcs.dll
MD5: 8554097e5136c3bf9f69fe578a1b35f4 C:\Windows\System32\spoolsv.exe
MD5: bf7e4d6f60a6d9e866432855c6f8c262 c:\windows\system32\sqmapi.dll
MD5: 1bf5eebfd518dd7298434d8c862f825d c:\windows\system32\srvsvc.dll
MD5: 452341e471d2d961229dfe0842957272 C:\Windows\system32\SSCORE.DLL
MD5: d24b4bf556c19568d813408597d95ab2 C:\Windows\system32\SynCOM.dll
MD5: d8dbedc3bac11f9ab4bc236e842fd662 C:\Windows\system32\SynTPAPI.dll
MD5: 71f5a7104fdf16c0ac5283a6ce666553 C:\Windows\system32\SYSNTFY.dll
MD5: 2a6a2c09ecc2cb495628e45f1379ece8 C:\Windows\system32\taskcomp.dll
MD5: 3d50c4b10352367d5cb20ed1f50f8da2 C:\Windows\System32\taskeng.exe
MD5: 52e129522c1775dbb8cc252e7a0655c7 C:\Windows\system32\taskschd.dll
MD5: 5091452dc719281cf1dd69367e13b494 C:\Windows\System32\tcpmib.dll
MD5: 45d4135cfa747cdfcf7cb247a6399002 C:\Windows\system32\timedate.cpl
MD5: f8873d15018f411588bec02c1725bada C:\Windows\system32\tspkg.dll
MD5: e45051c374f845edf3db02a35ba13193 C:\Windows\system32\umb.dll
MD5: dfbaadf1b624dc71e88d34d86b3595be C:\Windows\system32\uniplat.dll
MD5: 323907c738229438be1c433c4525fa59 C:\Windows\system32\urlmon.dll
MD5: 0bf0bb276f17b6ad61a8694d2551ec28 C:\Windows\System32\usbmon.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\system32\USP10.dll
MD5: 6309ca81cce581628250f86d50fa4979 C:\Windows\system32\VBScript.dll
MD5: 84b633c780df58fbf240f37ea776e9e7 C:\Windows\system32\VESWinlogon.dll
MD5: af25ecaa3d7f85dc13e348a6f79ad40d C:\Windows\system32\vss_ps.dll
MD5: dc3ae9f1554dcd97f90983ddbdacd83d C:\Windows\system32\vsstrace.dll
MD5: 83c2f5076e1b4a63c04f2b14ee7cad47 C:\Windows\system32\wbem\wbemdisp.dll
MD5: 2c3b09e586bda2cc49a292be7badc589 C:\Windows\system32\wbem\wmiutils.dll
MD5: e7d0f91e44d9d3b2116fa549bdcdb756 c:\windows\system32\WDSCORE.dll
MD5: 0745d6ead386710110817fbec03f5161 C:\Windows\system32\wfapigp.dll
MD5: 73fe2e5fa55088a241aa2732f5d387d6 C:\Windows\system32\wiarpc.dll
MD5: f7f4ad3d174cb5ec3c12f04c99478b84 C:\Windows\system32\WindowsCodecs.dll
MD5: c9551bc170b717b5c9baeee972bf3409 C:\Windows\system32\WININET.dll
MD5: 101ba3ea053480bb5d957ef37c06b5ed C:\Windows\System32\wininit.exe
MD5: 2d1179cdec6b7400105e68f6ac9b4efe C:\Windows\system32\WINSPOOL.DRV
MD5: 9a7a3bc8dc7e7ecaba2478ced4c38cbd C:\Windows\system32\winsrv.dll
MD5: 23c3a0680042c0d1de1f360f8b62bc57 C:\Windows\System32\wlanext.exe
MD5: 92283d9e33ec5f41ecc0b430b7459241 C:\Windows\system32\wls0wndh.dll
MD5: 0727200f10320a6ba7e59433094fbba7 C:\Windows\system32\WMALFXGFXDSP.dll
MD5: f1ecec53b9ffc30e123d14e087c49111 C:\Windows\system32\wmdrmdev.dll
MD5: d571295b71c60a67f6f2ea987e5cc3b0 C:\Windows\system32\wmdrmnet.dll
MD5: bfe74095684093f14d24801c8c0d16e3 C:\Windows\system32\WMI.dll
MD5: 015e99a7634b93e8bb0380c70f3d2cc3 C:\Windows\system32\wmp.dll
MD5: 9441a231c0aa0712f7cf3b10d9cfcf76 C:\Windows\system32\wmploc.dll
MD5: 648ab74d9c104fb500b6c4eedc6a8772 C:\Windows\system32\wmpmde.dll
MD5: 617f9a5813e69f6e9ed94b811ec75396 C:\Windows\System32\wmpps.dll
MD5: f0321da5203f1e71917f3b7a13dc4912 C:\Windows\system32\WMsgAPI.dll
MD5: a9662bcf218bc76869a8d91635d5f93a C:\Windows\System32\Wpc.dll
MD5: 09c7859269563c240ab2aaab574483dd C:\Windows\System32\WUDFHost.exe
MD5: 399bb52ad0668472717498e97cf28341 c:\windows\system32\WUDFPlatform.dll
MD5: 4b72b5b342ada4de8deea39cce465b58 C:\Windows\system32\WUDFx.dll
MD5: f8de6670a5f7a1676c640925a1112b1e C:\Windows\system32\XOLEHLP.dll
MD5: 3541e083be976294da5e644db122a9a7 c:\windows\system32\ykx32mpcoinst.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 4928ab3a304ddf05c354de3807a4a66b C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL
MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll

No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.03 MB sent, 2.19 KB recvd
Scanned 1173 files and modules - 81 seconds

==============================================================================

Thank You

Willie