BleepingComputer.com: Repeated malware intrusions

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

Repeated malware intrusions And a slow computer

#1 User is offline   faith766 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 32
  • Joined: 17-May 11

Posted 06 January 2012 - 12:21 AM

Hello,

I have been directed here by boopme, from this topic >>
My link
I have had multiple malware intrusions such as Security Sphere, and Win 7 Total Security, I also had google redirects.

The most recent one was Security Sphere which I removed using the guide posted here at bleeping computer.
However, the repeated intrusions seemed to come out of nowhere...
So I was wondering if I could be assisted with completely removing any virus, spyware, malware or rootkit that could exist in my computer.

Thank you in advance.

Anyways here is the DDS log and GMER log:

-----------------------------------------------------------DDS---------------------------------------------------------------------------------------------------


DDS (Ver_2011-05-26.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Mihil at 0:07:02 on 2012-01-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3037.1894 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\UI0Detect.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Users\Mihil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mihil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110108210300.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/csvrloader32.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mihil\appdata\roaming\mozilla\firefox\profiles\82sdjskc.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&gl=ca#restore
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\bell\internet service advisor\nprpspa.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\mihil\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\mihil\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\mihil\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mihil\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-8 386840]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-12-22 911680]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-21 218688]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-8 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-8 164840]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-12-22 2480048]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-9-17 94880]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-8 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-8 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-8 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-8 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-8 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-8 141792]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 ServicepointService;ServicepointService;c:\program files\bell\internet service advisor\ServicepointService.exe [2011-3-20 689464]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-10 181616]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-5 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-12-22 160704]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-8 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-8 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-8 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-8 313288]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-12-8 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-8 167936]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-12-8 859136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-8-22 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-30 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-30 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2009-7-24 25112]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-1 116136]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-8 84264]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-12-8 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-8 271480]
.
=============== Created Last 30 ================
.
2012-01-05 22:11:36 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-01-03 23:31:16 -------- d-----w- c:\windows\pss
2012-01-02 19:47:59 -------- d--h--w- c:\windows\AxInstSV
2011-12-31 21:14:12 239616 ------r- c:\windows\system32\Hdk3ctnt.dll
2011-12-31 21:10:21 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-31 02:40:14 -------- d-----w- c:\users\mihil\appdata\local\Secunia PSI
2011-12-31 02:40:02 -------- d-----w- c:\program files\Secunia
2011-12-26 03:24:38 -------- d-----w- c:\programdata\dD01300DfJbJ01300
2011-12-25 01:14:24 -------- d-----w- c:\users\mihil\appdata\local\FlashDevelop.old
2011-12-25 01:14:24 -------- d-----w- c:\users\mihil\appdata\local\FlashDevelop
2011-12-24 23:16:09 -------- d-----w- c:\program files\FlashDevelop
2011-12-14 16:20:54 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 16:20:38 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 16:20:17 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 16:20:16 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 16:20:13 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 16:20:12 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 0:08:47.52 ===============

---------------------------------------------------------------------------GMER----------------------------------------------------------------------------------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-02 23:44:01
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG02
Running: 0tm47gfi.exe; Driver: C:\Users\Mihil\AppData\Local\Temp\kwliypoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8479F0B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8479F0E2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8479F0CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8479F0A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 83847128 5 Bytes JMP 8479F0A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8385F5D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83884092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwTerminateProcess 83A7E0AD 5 Bytes JMP 8479F0E6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 83A9824B 5 Bytes JMP 8479F0D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 83A9B446 7 Bytes JMP 8479F0BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8455E000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x845A3000, 0x3DC, 0x48000040]

---- User code sections - GMER 1.0.15 ----

.text C:\windows\System32\svchost.exe[496] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 003D0000
.text C:\windows\System32\svchost.exe[496] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 003D0FCA
.text C:\windows\System32\svchost.exe[496] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 003D0FE5
.text C:\windows\System32\svchost.exe[496] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 001E0F5A
.text C:\windows\System32\svchost.exe[496] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 001E00AF
.text C:\windows\System32\svchost.exe[496] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 001E0094
.text C:\windows\System32\svchost.exe[496] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 001E0FBC
.text C:\windows\System32\svchost.exe[496] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 001E0F6B
.text C:\windows\System32\svchost.exe[496] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 001E005E
.text C:\windows\System32\svchost.exe[496] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 001E0F86
.text C:\windows\System32\svchost.exe[496] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 001E0F97
.text C:\windows\System32\svchost.exe[496] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 001E0FDE
.text C:\windows\System32\svchost.exe[496] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 001E00CA
.text C:\windows\System32\svchost.exe[496] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 001E0028
.text C:\windows\System32\svchost.exe[496] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 001E0039
.text C:\windows\System32\svchost.exe[496] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 001E0FEF
.text C:\windows\System32\svchost.exe[496] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 001E0F35
.text C:\windows\System32\svchost.exe[496] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 001E0FCD
.text C:\windows\System32\svchost.exe[496] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 001E0F24
.text C:\windows\System32\svchost.exe[496] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 001E0083
.text C:\windows\System32\svchost.exe[496] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00430000
.text C:\windows\System32\svchost.exe[496] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 0043004C
.text C:\windows\System32\svchost.exe[496] msvcrt.dll!system 7762B16F 5 Bytes JMP 00430FC1
.text C:\windows\System32\svchost.exe[496] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00430FE3
.text C:\windows\System32\svchost.exe[496] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00430FD2
.text C:\windows\System32\svchost.exe[496] msvcrt.dll!_wopen 77630570 5 Bytes JMP 0043001D
.text C:\windows\System32\svchost.exe[496] WS2_32.dll!socket 77013F00 5 Bytes JMP 003E0FEF
.text C:\windows\System32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 001F0FEF
.text C:\windows\System32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 001F0040
.text C:\windows\System32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 001F0FB9
.text C:\windows\System32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 001F0051
.text C:\windows\System32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 001F000A
.text C:\windows\System32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 001F0FA8
.text C:\windows\System32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 001F002F
.text C:\windows\System32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 001F0FD4
.text C:\windows\System32\svchost.exe[496] WININET.dll!InternetOpenA 759A4E3C 5 Bytes JMP 00190FE5
.text C:\windows\System32\svchost.exe[496] WININET.dll!InternetOpenUrlA 759ABFDE 5 Bytes JMP 0019001B
.text C:\windows\System32\svchost.exe[496] WININET.dll!InternetOpenW 759DC126 5 Bytes JMP 0019000A
.text C:\windows\System32\svchost.exe[496] WININET.dll!InternetOpenUrlW 75A0D8D2 5 Bytes JMP 00190FCA
.text C:\windows\system32\services.exe[928] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 0031000A
.text C:\windows\system32\services.exe[928] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 00310FD4
.text C:\windows\system32\services.exe[928] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00310FE5
.text C:\windows\system32\services.exe[928] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 00100F79
.text C:\windows\system32\services.exe[928] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 00100F5E
.text C:\windows\system32\services.exe[928] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 001000E9
.text C:\windows\system32\services.exe[928] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00100FC0
.text C:\windows\system32\services.exe[928] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 001000A2
.text C:\windows\system32\services.exe[928] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 00100062
.text C:\windows\system32\services.exe[928] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 00100051
.text C:\windows\system32\services.exe[928] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00100036
.text C:\windows\system32\services.exe[928] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00100000
.text C:\windows\system32\services.exe[928] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 00100F43
.text C:\windows\system32\services.exe[928] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 00100FAF
.text C:\windows\system32\services.exe[928] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00100F94
.text C:\windows\system32\services.exe[928] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 00100FE5
.text C:\windows\system32\services.exe[928] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 001000C7
.text C:\windows\system32\services.exe[928] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 00100011
.text C:\windows\system32\services.exe[928] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 001000D8
.text C:\windows\system32\services.exe[928] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 00100087
.text C:\windows\system32\services.exe[928] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00380FEF
.text C:\windows\system32\services.exe[928] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00380FC3
.text C:\windows\system32\services.exe[928] msvcrt.dll!system 7762B16F 5 Bytes JMP 0038004E
.text C:\windows\system32\services.exe[928] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00380018
.text C:\windows\system32\services.exe[928] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00380033
.text C:\windows\system32\services.exe[928] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00380FDE
.text C:\windows\system32\services.exe[928] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 0033000A
.text C:\windows\system32\services.exe[928] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00330040
.text C:\windows\system32\services.exe[928] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00330062
.text C:\windows\system32\services.exe[928] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00330051
.text C:\windows\system32\services.exe[928] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 00330025
.text C:\windows\system32\services.exe[928] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00330FA5
.text C:\windows\system32\services.exe[928] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 00330FEF
.text C:\windows\system32\services.exe[928] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00330FD4
.text C:\windows\system32\services.exe[928] WS2_32.dll!socket 77013F00 5 Bytes JMP 00320000
.text C:\windows\system32\lsass.exe[956] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 000D000A
.text C:\windows\system32\lsass.exe[956] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 000D001B
.text C:\windows\system32\lsass.exe[956] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 000D0FE5
.text C:\windows\system32\lsass.exe[956] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 000C0087
.text C:\windows\system32\lsass.exe[956] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 000C00E9
.text C:\windows\system32\lsass.exe[956] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 000C00CE
.text C:\windows\system32\lsass.exe[956] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 000C0014
.text C:\windows\system32\lsass.exe[956] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 000C0076
.text C:\windows\system32\lsass.exe[956] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 000C0F68
.text C:\windows\system32\lsass.exe[956] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 000C0040
.text C:\windows\system32\lsass.exe[956] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 000C0F8D
.text C:\windows\system32\lsass.exe[956] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 000C0FDE
.text C:\windows\system32\lsass.exe[956] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 000C0104
.text C:\windows\system32\lsass.exe[956] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 000C0FA8
.text C:\windows\system32\lsass.exe[956] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 000C002F
.text C:\windows\system32\lsass.exe[956] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 000C0FEF
.text C:\windows\system32\lsass.exe[956] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 000C00A2
.text C:\windows\system32\lsass.exe[956] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 000C0FC3
.text C:\windows\system32\lsass.exe[956] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 000C00BD
.text C:\windows\system32\lsass.exe[956] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 000C005B
.text C:\windows\system32\lsass.exe[956] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00630FE3
.text C:\windows\system32\lsass.exe[956] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00630F90
.text C:\windows\system32\lsass.exe[956] msvcrt.dll!system 7762B16F 5 Bytes JMP 0063001B
.text C:\windows\system32\lsass.exe[956] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00630FC6
.text C:\windows\system32\lsass.exe[956] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00630FAB
.text C:\windows\system32\lsass.exe[956] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00630000
.text C:\windows\system32\lsass.exe[956] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 000F0FEF
.text C:\windows\system32\lsass.exe[956] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 000F002C
.text C:\windows\system32\lsass.exe[956] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 000F0F9B
.text C:\windows\system32\lsass.exe[956] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 000F003D
.text C:\windows\system32\lsass.exe[956] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 000F0000
.text C:\windows\system32\lsass.exe[956] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 000F0F80
.text C:\windows\system32\lsass.exe[956] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 000F0FCA
.text C:\windows\system32\lsass.exe[956] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 000F0011
.text C:\windows\system32\lsass.exe[956] WS2_32.dll!socket 77013F00 5 Bytes JMP 000E0000
.text C:\windows\system32\svchost.exe[1068] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 001B0000
.text C:\windows\system32\svchost.exe[1068] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 001B002C
.text C:\windows\system32\svchost.exe[1068] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 001B001B
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 001A0F3C
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 001A00A5
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 001A0094
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 001A0FC3
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 001A0F57
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 001A0F72
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 001A0F8D
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 001A0040
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 001A0000
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 001A00B6
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 001A002F
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 001A0FA8
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 001A0FE5
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 001A0F2B
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 001A0FD4
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 001A0F1A
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 001A0065
.text C:\windows\system32\svchost.exe[1068] msvcrt.dll!_open 775F7E48 5 Bytes JMP 003A0000
.text C:\windows\system32\svchost.exe[1068] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 003A0064
.text C:\windows\system32\svchost.exe[1068] msvcrt.dll!system 7762B16F 5 Bytes JMP 003A0053
.text C:\windows\system32\svchost.exe[1068] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 003A0FE3
.text C:\windows\system32\svchost.exe[1068] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 003A0038
.text C:\windows\system32\svchost.exe[1068] msvcrt.dll!_wopen 77630570 5 Bytes JMP 003A001D
.text C:\windows\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00290FE5
.text C:\windows\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00290FA8
.text C:\windows\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00290039
.text C:\windows\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00290F97
.text C:\windows\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 00290FCA
.text C:\windows\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00290F7C
.text C:\windows\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 0029000A
.text C:\windows\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00290FB9
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!socket 77013F00 5 Bytes JMP 00280FEF
.text C:\windows\system32\svchost.exe[1156] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 00200FEF
.text C:\windows\system32\svchost.exe[1156] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 0020000A
.text C:\windows\system32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00200FD4
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 001A0F76
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 001A00DF
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 001A0F40
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 001A0047
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 001A0F87
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 001A008E
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 001A0073
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 001A0FC0
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 001A001B
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 001A0F2F
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 001A0FD1
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 001A0062
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 001A000A
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 001A00BA
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 001A0036
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 001A0F5B
.text C:\windows\system32\svchost.exe[1156] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 001A009F
.text C:\windows\system32\svchost.exe[1156] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00390FEF
.text C:\windows\system32\svchost.exe[1156] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00390F9A
.text C:\windows\system32\svchost.exe[1156] msvcrt.dll!system 7762B16F 5 Bytes JMP 00390FAB
.text C:\windows\system32\svchost.exe[1156] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00390000
.text C:\windows\system32\svchost.exe[1156] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 0039001B
.text C:\windows\system32\svchost.exe[1156] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00390FC6
.text C:\windows\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00280000
.text C:\windows\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00280FD4
.text C:\windows\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00280F9E
.text C:\windows\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00280FB9
.text C:\windows\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 0028001B
.text C:\windows\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00280F8D
.text C:\windows\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 00280FE5
.text C:\windows\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00280040
.text C:\windows\system32\svchost.exe[1156] WS2_32.dll!socket 77013F00 5 Bytes JMP 00270FE5
.text C:\windows\System32\svchost.exe[1212] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 00E40000
.text C:\windows\System32\svchost.exe[1212] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 00E4002F
.text C:\windows\System32\svchost.exe[1212] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00E40FEF
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 00A6006C
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 00A60F03
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 00A60098
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00A60011
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 00A60F43
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 00A60F6F
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 00A60F8A
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00A60047
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00A60FCA
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 00A60EE8
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 00A60FA5
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00A6002C
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 00A60FEF
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 00A60F1E
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 00A60000
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 00A6007D
.text C:\windows\System32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 00A60F5E
.text C:\windows\System32\svchost.exe[1212] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00EF0FE3
.text C:\windows\System32\svchost.exe[1212] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00EF0FAD
.text C:\windows\System32\svchost.exe[1212] msvcrt.dll!system 7762B16F 5 Bytes JMP 00EF0038
.text C:\windows\System32\svchost.exe[1212] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00EF000C
.text C:\windows\System32\svchost.exe[1212] msvcrt.dll!_wcreat 7763038E 3 Bytes JMP 00EF0027
.text C:\windows\System32\svchost.exe[1212] msvcrt.dll!_wcreat + 4 77630392 1 Byte [89]
.text C:\windows\System32\svchost.exe[1212] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00EF0FD2
.text C:\windows\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00EE000A
.text C:\windows\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00EE0039
.text C:\windows\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00EE0FA1
.text C:\windows\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00EE0FB2
.text C:\windows\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 00EE0FEF
.text C:\windows\System32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00EE005E
.text C:\windows\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 00EE0FDE
.text C:\windows\System32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00EE0FCD
.text C:\windows\System32\svchost.exe[1212] WS2_32.dll!socket 77013F00 5 Bytes JMP 00ED0FE5
.text C:\windows\System32\svchost.exe[1264] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 009F0FEF
.text C:\windows\System32\svchost.exe[1264] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 009F0FD4
.text C:\windows\System32\svchost.exe[1264] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 009F000A
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 009200D8
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 009200F3
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 00920F68
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00920051
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 009200C7
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 0092009B
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 00920FB9
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00920080
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00920025
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 00920F39
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 00920FE5
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00920FD4
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 0092000A
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 00920F9E
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 00920040
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 00920F83
.text C:\windows\System32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 009200AC
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00D30000
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00D3004A
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!system 7762B16F 5 Bytes JMP 00D30FB5
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00D30011
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00D30FC6
.text C:\windows\System32\svchost.exe[1264] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00D30FD7
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00A10000
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00A10FAF
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00A10036
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00A10F9E
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 00A1001B
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00A10051
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 00A10FE5
.text C:\windows\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00A10FD4
.text C:\windows\System32\svchost.exe[1264] WS2_32.dll!socket 77013F00 5 Bytes JMP 00A00FEF
.text C:\windows\system32\svchost.exe[1292] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 00D60000
.text C:\windows\system32\svchost.exe[1292] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 00D60FD4
.text C:\windows\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00D60FEF
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 00D50F97
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 00D50F46
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 00D50F61
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00D50040
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 00D50FA8
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 00D50FC3
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 00D5009B
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00D50FDE
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00D5000A
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 00D500F6
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 00D50065
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00D50076
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 00D50FEF
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 00D500DB
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 00D50025
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 00D50F72
.text C:\windows\system32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 00D500B6
.text C:\windows\system32\svchost.exe[1292] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00E40FEF
.text C:\windows\system32\svchost.exe[1292] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00E40045
.text C:\windows\system32\svchost.exe[1292] msvcrt.dll!system 7762B16F 5 Bytes JMP 00E40FB0
.text C:\windows\system32\svchost.exe[1292] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00E4000C
.text C:\windows\system32\svchost.exe[1292] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00E40FC1
.text C:\windows\system32\svchost.exe[1292] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00E40FD2
.text C:\windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00D80FE5
.text C:\windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00D8000A
.text C:\windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00D8001B
.text C:\windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00D80F83
.text C:\windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 00D80FD4
.text C:\windows\system32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00D8002C
.text C:\windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 00D80FB9
.text C:\windows\system32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00D80FA8
.text C:\windows\system32\svchost.exe[1292] WS2_32.dll!socket 77013F00 5 Bytes JMP 00D70FE5
.text C:\windows\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 0095000A
.text C:\windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 00950025
.text C:\windows\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00950FEF
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 00550F54
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 00550F1E
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 005500B3
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00550FCA
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 0055007D
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 00550F79
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 00550051
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00550040
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00550FE5
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 00550F0D
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 00550FB9
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00550F9E
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 00550000
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 00550F43
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 0055001B
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 005500A2
.text C:\windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 0055006C
.text C:\windows\system32\svchost.exe[1400] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00A4000C
.text C:\windows\system32\svchost.exe[1400] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00A40033
.text C:\windows\system32\svchost.exe[1400] msvcrt.dll!system 7762B16F 5 Bytes JMP 00A40FB2
.text C:\windows\system32\svchost.exe[1400] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00A40FDE
.text C:\windows\system32\svchost.exe[1400] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00A40FC3
.text C:\windows\system32\svchost.exe[1400] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00A40FEF
.text C:\windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00970000
.text C:\windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00970FC0
.text C:\windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00970F94
.text C:\windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00970FA5
.text C:\windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 0097001B
.text C:\windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00970F83
.text C:\windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 00970FE5
.text C:\windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 0097002C
.text C:\windows\system32\svchost.exe[1400] WS2_32.dll!socket 77013F00 5 Bytes JMP 00960FE5
.text C:\windows\system32\svchost.exe[1496] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 008F0FE5
.text C:\windows\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 008F0FAF
.text C:\windows\system32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 008F0FCA
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 00890F6F
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 008900FA
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 008900DF
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00890040
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 0089008E
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 0089006C
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 00890F94
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 0089005B
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00890025
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 00890F4A
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 00890FD4
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00890FC3
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 0089000A
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 008900BD
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 00890FEF
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 008900CE
.text C:\windows\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 0089007D
.text C:\windows\system32\svchost.exe[1496] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00990FEF
.text C:\windows\system32\svchost.exe[1496] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00990FAD
.text C:\windows\system32\svchost.exe[1496] msvcrt.dll!system 7762B16F 5 Bytes JMP 00990038
.text C:\windows\system32\svchost.exe[1496] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00990FC8
.text C:\windows\system32\svchost.exe[1496] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 0099001D
.text C:\windows\system32\svchost.exe[1496] msvcrt.dll!_wopen 77630570 5 Bytes JMP 0099000C
.text C:\windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 008E0FEF
.text C:\windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 008E0028
.text C:\windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 008E0F90
.text C:\windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 008E0FA1
.text C:\windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 008E0FDE
.text C:\windows\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 008E0F75
.text C:\windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 008E0FCD
.text C:\windows\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 008E0FBC
.text C:\windows\system32\svchost.exe[1496] WS2_32.dll!socket 77013F00 5 Bytes JMP 00980FEF
.text C:\windows\system32\svchost.exe[1816] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 008E0000
.text C:\windows\system32\svchost.exe[1816] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 008E002C
.text C:\windows\system32\svchost.exe[1816] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 008E0011
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 00550F3F
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 005500B9
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 0055009E
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00550FB9
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 00550F50
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 00550054
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 00550F86
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00550F97
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00550FDE
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 005500CA
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 0055002F
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00550FA8
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 00550FEF
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 00550079
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 00550014
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 00550F1A
.text C:\windows\system32\svchost.exe[1816] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 00550F61
.text C:\windows\system32\svchost.exe[1816] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00980000
.text C:\windows\system32\svchost.exe[1816] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00980FBC
.text C:\windows\system32\svchost.exe[1816] msvcrt.dll!system 7762B16F 5 Bytes JMP 00980FD7
.text C:\windows\system32\svchost.exe[1816] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 0098002C
.text C:\windows\system32\svchost.exe[1816] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00980047
.text C:\windows\system32\svchost.exe[1816] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00980011
.text C:\windows\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00890000
.text C:\windows\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00890FC0
.text C:\windows\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00890047
.text C:\windows\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00890FA5
.text C:\windows\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 0089001B
.text C:\windows\system32\svchost.exe[1816] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00890058
.text C:\windows\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 0089002C
.text C:\windows\system32\svchost.exe[1816] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00890FDB
.text C:\windows\system32\svchost.exe[1816] WS2_32.dll!socket 77013F00 5 Bytes JMP 00930FEF
.text C:\windows\system32\svchost.exe[2136] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 00240000
.text C:\windows\system32\svchost.exe[2136] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 0024001B
.text C:\windows\system32\svchost.exe[2136] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00240FE5
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 001E0F43
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 001E0F14
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 001E00A9
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 001E001B
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 001E006C
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 001E0F5E
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 001E0F6F
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 001E002C
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 001E000A
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 001E0F03
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 001E0FA5
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 001E0F8A
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 001E0FEF
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 001E0087
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 001E0FCA
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 001E0098
.text C:\windows\system32\svchost.exe[2136] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 001E0051
.text C:\windows\system32\svchost.exe[2136] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00260FEF
.text C:\windows\system32\svchost.exe[2136] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00260F7F
.text C:\windows\system32\svchost.exe[2136] msvcrt.dll!system 7762B16F 5 Bytes JMP 00260F90
.text C:\windows\system32\svchost.exe[2136] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00260000
.text C:\windows\system32\svchost.exe[2136] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00260FAB
.text C:\windows\system32\svchost.exe[2136] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00260FD2
.text C:\windows\system32\svchost.exe[2136] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 001F0FEF
.text C:\windows\system32\svchost.exe[2136] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 001F0FA8
.text C:\windows\system32\svchost.exe[2136] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 001F0F7C
.text C:\windows\system32\svchost.exe[2136] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 001F0F8D
.text C:\windows\system32\svchost.exe[2136] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 001F0FDE
.text C:\windows\system32\svchost.exe[2136] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 001F0043
.text C:\windows\system32\svchost.exe[2136] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 001F0FC3
.text C:\windows\system32\svchost.exe[2136] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 001F0014
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3392] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 69EE9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3392] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 69EE9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\windows\system32\svchost.exe[3456] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 002D000A
.text C:\windows\system32\svchost.exe[3456] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 002D0025
.text C:\windows\system32\svchost.exe[3456] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 002D0FEF
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 001A00AC
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 001A0F43
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 001A00D8
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 001A0025
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 001A009B
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 001A0076
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 001A0F94
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 001A005B
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 001A0FE5
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 001A00F3
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 001A0FC3
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 001A004A
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 001A0000
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 001A0F68
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 001A0FD4
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 001A00BD
.text C:\windows\system32\svchost.exe[3456] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 001A0F83
.text C:\windows\system32\svchost.exe[3456] msvcrt.dll!_open 775F7E48 5 Bytes JMP 002E0000
.text C:\windows\system32\svchost.exe[3456] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 002E0FC1
.text C:\windows\system32\svchost.exe[3456] msvcrt.dll!system 7762B16F 5 Bytes JMP 002E0FD2
.text C:\windows\system32\svchost.exe[3456] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 002E0027
.text C:\windows\system32\svchost.exe[3456] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 002E0038
.text C:\windows\system32\svchost.exe[3456] msvcrt.dll!_wopen 77630570 5 Bytes JMP 002E0FE3
.text C:\windows\system32\svchost.exe[3456] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00280FEF
.text C:\windows\system32\svchost.exe[3456] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 0028001B
.text C:\windows\system32\svchost.exe[3456] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00280F83
.text C:\windows\system32\svchost.exe[3456] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00280F94
.text C:\windows\system32\svchost.exe[3456] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 0028000A
.text C:\windows\system32\svchost.exe[3456] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00280040
.text C:\windows\system32\svchost.exe[3456] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 00280FD4
.text C:\windows\system32\svchost.exe[3456] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00280FAF
.text C:\windows\system32\svchost.exe[3456] WS2_32.dll!socket 77013F00 5 Bytes JMP 00270000
.text C:\windows\system32\svchost.exe[4364] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 00200000
.text C:\windows\system32\svchost.exe[4364] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 00200FE5
.text C:\windows\system32\svchost.exe[4364] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00200011
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 001D00D8
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 001D010E
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 001D00F3
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 001D0040
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 001D0FA5
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 001D008E
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 001D007D
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 001D0FC0
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 001D000A
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 001D011F
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 001D0051
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 001D0062
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 001D0FEF
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 001D0F94
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 001D0025
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 001D0F83
.text C:\windows\system32\svchost.exe[4364] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 001D00B3
.text C:\windows\system32\svchost.exe[4364] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00360FE3
.text C:\windows\system32\svchost.exe[4364] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00360038
.text C:\windows\system32\svchost.exe[4364] msvcrt.dll!system 7762B16F 5 Bytes JMP 00360FAD
.text C:\windows\system32\svchost.exe[4364] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 0036001D
.text C:\windows\system32\svchost.exe[4364] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00360FC8
.text C:\windows\system32\svchost.exe[4364] msvcrt.dll!_wopen 77630570 5 Bytes JMP 0036000C
.text C:\windows\system32\svchost.exe[4364] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 001F0FEF
.text C:\windows\system32\svchost.exe[4364] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 001F0025
.text C:\windows\system32\svchost.exe[4364] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 001F0F83
.text C:\windows\system32\svchost.exe[4364] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 001F0F94
.text C:\windows\system32\svchost.exe[4364] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 001F0000
.text C:\windows\system32\svchost.exe[4364] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 001F0040
.text C:\windows\system32\svchost.exe[4364] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 001F0FCA
.text C:\windows\system32\svchost.exe[4364] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 001F0FAF
.text C:\windows\system32\svchost.exe[4364] WS2_32.dll!socket 77013F00 5 Bytes JMP 001E0FE5
.text C:\windows\system32\DllHost.exe[5936] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 00040000
.text C:\windows\system32\DllHost.exe[5936] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 0004001B
.text C:\windows\system32\DllHost.exe[5936] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00040FE5
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 000100AC
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 000100F3
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 000100D8
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00010014
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 00010091
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 00010F94
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 0001006C
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00010051
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00010FD4
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 00010F39
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 0001002F
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00010040
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 00010FEF
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 00010F5E
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 00010FC3
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 000100BD
.text C:\windows\system32\DllHost.exe[5936] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 00010F79
.text C:\windows\system32\DllHost.exe[5936] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00060000
.text C:\windows\system32\DllHost.exe[5936] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00060FC3
.text C:\windows\system32\DllHost.exe[5936] msvcrt.dll!system 7762B16F 5 Bytes JMP 0006004E
.text C:\windows\system32\DllHost.exe[5936] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00060022
.text C:\windows\system32\DllHost.exe[5936] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 0006003D
.text C:\windows\system32\DllHost.exe[5936] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00060011
.text C:\windows\system32\DllHost.exe[5936] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 000A0000
.text C:\windows\system32\DllHost.exe[5936] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 000A004A
.text C:\windows\system32\DllHost.exe[5936] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 000A0FB2
.text C:\windows\system32\DllHost.exe[5936] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 000A0FC3
.text C:\windows\system32\DllHost.exe[5936] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 000A0FE5
.text C:\windows\system32\DllHost.exe[5936] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 000A0FA1
.text C:\windows\system32\DllHost.exe[5936] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 000A001B
.text C:\windows\system32\DllHost.exe[5936] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 000A0FD4
.text C:\windows\system32\DllHost.exe[5936] WININET.dll!InternetOpenA 759A4E3C 5 Bytes JMP 00140FE5
.text C:\windows\system32\DllHost.exe[5936] WININET.dll!InternetOpenUrlA 759ABFDE 5 Bytes JMP 00140011
.text C:\windows\system32\DllHost.exe[5936] WININET.dll!InternetOpenW 759DC126 5 Bytes JMP 00140000
.text C:\windows\system32\DllHost.exe[5936] WININET.dll!InternetOpenUrlW 75A0D8D2 5 Bytes JMP 00140FCA
.text C:\windows\Explorer.exe[6036] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 0004000A
.text C:\windows\Explorer.exe[6036] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 00040025
.text C:\windows\Explorer.exe[6036] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00040FE5
.text C:\windows\Explorer.exe[6036] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 00010F43
.text C:\windows\Explorer.exe[6036] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 00010F0D
.text C:\windows\Explorer.exe[6036] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 000100A2
.text C:\windows\Explorer.exe[6036] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00010FC0
.text C:\windows\Explorer.exe[6036] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 0001006C
.text C:\windows\Explorer.exe[6036] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 00010F6F
.text C:\windows\Explorer.exe[6036] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 00010F8A
.text C:\windows\Explorer.exe[6036] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00010047
.text C:\windows\Explorer.exe[6036] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00010FDB
.text C:\windows\Explorer.exe[6036] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 00010EFC
.text C:\windows\Explorer.exe[6036] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 0001002C
.text C:\windows\Explorer.exe[6036] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00010FA5
.text C:\windows\Explorer.exe[6036] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 00010000
.text C:\windows\Explorer.exe[6036] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 00010F32
.text C:\windows\Explorer.exe[6036] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 0001001B
.text C:\windows\Explorer.exe[6036] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 00010087
.text C:\windows\Explorer.exe[6036] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 00010F5E
.text C:\windows\Explorer.exe[6036] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00070FEF
.text C:\windows\Explorer.exe[6036] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00070FBC
.text C:\windows\Explorer.exe[6036] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00070043
.text C:\windows\Explorer.exe[6036] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00070FA1
.text C:\windows\Explorer.exe[6036] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 00070FDE
.text C:\windows\Explorer.exe[6036] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00070F86
.text C:\windows\Explorer.exe[6036] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 00070FCD
.text C:\windows\Explorer.exe[6036] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 0007001E
.text C:\windows\Explorer.exe[6036] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00080FEF
.text C:\windows\Explorer.exe[6036] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00080F97
.text C:\windows\Explorer.exe[6036] msvcrt.dll!system 7762B16F 5 Bytes JMP 00080FB2
.text C:\windows\Explorer.exe[6036] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00080FCD
.text C:\windows\Explorer.exe[6036] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00080022
.text C:\windows\Explorer.exe[6036] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00080FDE
.text C:\windows\Explorer.exe[6036] WININET.dll!InternetOpenA 759A4E3C 5 Bytes JMP 00BC000A
.text C:\windows\Explorer.exe[6036] WININET.dll!InternetOpenUrlA 759ABFDE 5 Bytes JMP 00BC002C
.text C:\windows\Explorer.exe[6036] WININET.dll!InternetOpenW 759DC126 5 Bytes JMP 00BC001B
.text C:\windows\Explorer.exe[6036] WININET.dll!InternetOpenUrlW 75A0D8D2 5 Bytes JMP 00BC0FDB
.text C:\windows\Explorer.exe[6036] WS2_32.dll!socket 77013F00 5 Bytes JMP 04CC0FEF
.text C:\windows\System32\svchost.exe[6096] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 00040000
.text C:\windows\System32\svchost.exe[6096] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 00040FD4
.text C:\windows\System32\svchost.exe[6096] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 00040FEF
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 00010098
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 00010F28
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 00010F4D
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00010025
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 00010F79
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 0001006C
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 00010051
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00010F94
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00010FDE
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 000100D8
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 00010FB9
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00010040
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 00010FEF
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 00010F5E
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 00010014
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 000100C7
.text C:\windows\System32\svchost.exe[6096] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 00010087
.text C:\windows\System32\svchost.exe[6096] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00120000
.text C:\windows\System32\svchost.exe[6096] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00120038
.text C:\windows\System32\svchost.exe[6096] msvcrt.dll!system 7762B16F 5 Bytes JMP 00120FAD
.text C:\windows\System32\svchost.exe[6096] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00120FD2
.text C:\windows\System32\svchost.exe[6096] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 00120027
.text C:\windows\System32\svchost.exe[6096] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00120FE3
.text C:\windows\System32\svchost.exe[6096] WS2_32.dll!socket 77013F00 5 Bytes JMP 00130FE5
.text C:\windows\System32\svchost.exe[6096] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 00190000
.text C:\windows\System32\svchost.exe[6096] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00190036
.text C:\windows\System32\svchost.exe[6096] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 0019005B
.text C:\windows\System32\svchost.exe[6096] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00190FAF
.text C:\windows\System32\svchost.exe[6096] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 0019001B
.text C:\windows\System32\svchost.exe[6096] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 0019006C
.text C:\windows\System32\svchost.exe[6096] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 00190FE5
.text C:\windows\System32\svchost.exe[6096] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00190FCA
.text C:\windows\system32\wuauclt.exe[6152] ntdll.dll!NtCreateFile 77494870 5 Bytes JMP 00040000
.text C:\windows\system32\wuauclt.exe[6152] ntdll.dll!NtCreateProcess 77494940 5 Bytes JMP 0004002C
.text C:\windows\system32\wuauclt.exe[6152] ntdll.dll!NtProtectVirtualMemory 774951C0 5 Bytes JMP 0004001B
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!GetStartupInfoA 76B81DF0 5 Bytes JMP 00010069
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!CreateProcessW 76B8202D 5 Bytes JMP 00010F03
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!CreateProcessA 76B82062 5 Bytes JMP 00010F14
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!CreateNamedPipeW 76BB1FEE 5 Bytes JMP 00010FC0
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!CreatePipe 76BB4AAB 5 Bytes JMP 00010F40
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!VirtualProtect 76BC50CB 5 Bytes JMP 00010F65
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!LoadLibraryExW 76BCB647 5 Bytes JMP 0001003D
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!LoadLibraryExA 76BCBC13 5 Bytes JMP 00010022
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!CreateFileW 76BD0AFD 5 Bytes JMP 00010011
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!GetProcAddress 76BD17D7 5 Bytes JMP 000100A9
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!LoadLibraryA 76BD2804 5 Bytes JMP 00010FA5
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!LoadLibraryW 76BD2852 5 Bytes JMP 00010F8A
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!CreateFileA 76BD289C 5 Bytes JMP 00010000
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!GetStartupInfoW 76BD7C55 5 Bytes JMP 00010F2F
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!CreateNamedPipeA 76C0D577 5 Bytes JMP 00010FD1
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!WinExec 76C0E739 5 Bytes JMP 0001008E
.text C:\windows\system32\wuauclt.exe[6152] kernel32.dll!VirtualProtectEx 76C0F6F1 5 Bytes JMP 00010058
.text C:\windows\system32\wuauclt.exe[6152] msvcrt.dll!_open 775F7E48 5 Bytes JMP 00080FEF
.text C:\windows\system32\wuauclt.exe[6152] msvcrt.dll!_wsystem 7762B04F 5 Bytes JMP 00080069
.text C:\windows\system32\wuauclt.exe[6152] msvcrt.dll!system 7762B16F 5 Bytes JMP 0008004E
.text C:\windows\system32\wuauclt.exe[6152] msvcrt.dll!_creat 7762ED29 5 Bytes JMP 00080FDE
.text C:\windows\system32\wuauclt.exe[6152] msvcrt.dll!_wcreat 7763038E 5 Bytes JMP 0008003D
.text C:\windows\system32\wuauclt.exe[6152] msvcrt.dll!_wopen 77630570 5 Bytes JMP 00080018
.text C:\windows\system32\wuauclt.exe[6152] ADVAPI32.dll!RegOpenKeyA 7725D2ED 5 Bytes JMP 0009000A
.text C:\windows\system32\wuauclt.exe[6152] ADVAPI32.dll!RegCreateKeyA 7725D3C1 5 Bytes JMP 00090036
.text C:\windows\system32\wuauclt.exe[6152] ADVAPI32.dll!RegCreateKeyExA 77261B71 5 Bytes JMP 00090051
.text C:\windows\system32\wuauclt.exe[6152] ADVAPI32.dll!RegCreateKeyW 77261CC0 5 Bytes JMP 00090FAF
.text C:\windows\system32\wuauclt.exe[6152] ADVAPI32.dll!RegOpenKeyW 77263129 5 Bytes JMP 00090FE5
.text C:\windows\system32\wuauclt.exe[6152] ADVAPI32.dll!RegCreateKeyExW 7726B946 5 Bytes JMP 00090F94
.text C:\windows\system32\wuauclt.exe[6152] ADVAPI32.dll!RegOpenKeyExA 7726BC0D 5 Bytes JMP 0009001B
.text C:\windows\system32\wuauclt.exe[6152] ADVAPI32.dll!RegOpenKeyExW 7726BEC4 5 Bytes JMP 00090FCA

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\system32\mfevtps.exe[1388] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00DC77A0] C:\windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\windows\system32\rundll32.exe[1524] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75535E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[1524] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75535E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[1524] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75535E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[1524] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75535E25] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73682494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73665624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [736656E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipFree] [7368250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73678573] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73674D27] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [736750CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [736751A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [736766D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [736782CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73678819] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7367907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7367E21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.exe[6036] @ C:\windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73674C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:5844] 9F724730

---- EOF - GMER 1.0.15 ----


The attach.txt file is attached.

Attached File(s)


This post has been edited by faith766: 06 January 2012 - 12:22 AM

#2 User is offline   HelpBot 

  • Bleepin' Binary Bot
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Bots
  • Posts: 5,607
  • Joined: 05-October 07
  • Gender:Male

Posted 12 January 2012 - 12:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/436547 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 User is offline   faith766 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 32
  • Joined: 17-May 11

Posted 12 January 2012 - 06:29 PM

I haven't made any changes to my computer since I posted the last logs, so the logs should be the same. But if you wish me to repost the logs,
I will, once I get back to the computer with the problems.

I do not currently have a Windows CD/DVD available, but I can try to get one if needed. (I am using Windows 7 32 bits).

Faith

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2012 - 01:22 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   faith766 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 32
  • Joined: 17-May 11

Posted 13 January 2012 - 05:51 PM

Hello again Gringo! You may not remember me because you help many people, but I remember you very well. You helped me solve my google redirect problem a long time ago.

Anyways, I have ran Combofix and I did not need to restart. I had no problems running it, all went well.
So here is the ComboFix log:

ComboFix 12-01-13.05 - Mihil 13/01/2012 17:29:07.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3037.2064 [GMT -5:00]
Running from: c:\users\Mihil\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mihil\Documents\~WRL0003.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-05 22:21 . 2012-01-05 22:21 -------- d-----w- c:\programdata\FLEXnet
2012-01-05 22:11 . 2012-01-05 22:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-02 19:47 . 2012-01-02 19:48 -------- d--h--w- c:\windows\AxInstSV
2011-12-31 21:14 . 1999-12-09 18:18 239616 ------r- c:\windows\system32\Hdk3ctnt.dll
2011-12-31 21:10 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-12-31 02:40 . 2011-12-31 02:40 -------- d-----w- c:\users\Mihil\AppData\Local\Secunia PSI
2011-12-31 02:40 . 2011-12-31 02:40 -------- d-----w- c:\program files\Secunia
2011-12-26 03:24 . 2011-12-30 19:13 -------- d-----w- c:\programdata\dD01300DfJbJ01300
2011-12-25 01:14 . 2011-12-25 01:14 -------- d-----w- c:\users\Mihil\AppData\Local\FlashDevelop
2011-12-24 23:16 . 2011-12-24 23:40 -------- d-----w- c:\program files\FlashDevelop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-05-18 21:05 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:23 . 2011-12-14 16:20 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:30 . 2011-12-14 16:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 18:11 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 18:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 18:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 18:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:42 . 2011-12-14 16:20 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:42 . 2011-12-14 16:20 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:25 . 2011-12-14 16:20 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-11-15 02:55 . 2011-05-08 00:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-14 03:28 . 2011-01-08 23:34 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-03 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-11-22 1193848]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 21:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-12-13 04:20 3305760 ----a-w- c:\users\Mihil\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-19 01:56 136176 ----atw- c:\users\Mihil\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDMICtrlMan]
2009-08-03 22:03 832856 ----a-w- c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
2009-07-29 16:19 163840 ----a-w- c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-08 18:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DLPortIO;DriverLINX Port I/O Driver; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2009-07-24 25112]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-01 116136]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-12-22 911680]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 13120]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-21 218688]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 164840]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-22 2480048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2011-01-06 689464]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-05 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-12-22 160704]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:39]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:39]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-572239225-2963667227-3184985361-1000Core.job
- c:\users\Mihil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 01:56]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-572239225-2963667227-3184985361-1000UA.job
- c:\users\Mihil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 01:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://mytdsb.on.ca/+CSCOL+/csvrloader32.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
FF - ProfilePath - c:\users\Mihil\AppData\Roaming\Mozilla\Firefox\Profiles\82sdjskc.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&gl=ca#restore
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-13 17:44:42
ComboFix-quarantined-files.txt 2012-01-13 22:44
ComboFix2.txt 2011-05-27 02:33
ComboFix3.txt 2011-05-26 22:56
.
Pre-Run: 109,688,717,312 bytes free
Post-Run: 109,479,395,328 bytes free
.
- - End Of File - - 94970187E3BDC2997FE694001207B710

#6 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2012 - 08:35 PM

Hello

Yes I do remember it was back in june.

Do you have any symptoms at this time of anything that may not be right?

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   faith766 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 32
  • Joined: 17-May 11

Posted 13 January 2012 - 08:55 PM

The only symptom that seems to exist is a really slow computer.
I know that a slow computer doesn't indicate anything. But I have enough RAM (4 GB), I tried removing start up programs, I even tried disk fragmenting.
I am wondering how these malwares get in!
Anyways...
TDSS killer did not find anything.

Here is the log:;
20:49:06.0720 3332 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
20:49:07.0734 3332 ============================================================
20:49:07.0734 3332 Current date / time: 2012/01/13 20:49:07.0734
20:49:07.0734 3332 SystemInfo:
20:49:07.0734 3332
20:49:07.0734 3332 OS Version: 6.1.7600 ServicePack: 0.0
20:49:07.0734 3332 Product type: Workstation
20:49:07.0734 3332 ComputerName: MHVPATEL
20:49:07.0734 3332 UserName: Mihil
20:49:07.0734 3332 Windows directory: C:\windows
20:49:07.0734 3332 System windows directory: C:\windows
20:49:07.0734 3332 Processor architecture: Intel x86
20:49:07.0734 3332 Number of processors: 2
20:49:07.0734 3332 Page size: 0x1000
20:49:07.0734 3332 Boot type: Normal boot
20:49:07.0734 3332 ============================================================
20:49:08.0811 3332 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
20:49:08.0889 3332 Initialize success
20:49:11.0213 2904 ============================================================
20:49:11.0213 2904 Scan started
20:49:11.0213 2904 Mode: Manual;
20:49:11.0213 2904 ============================================================
20:49:13.0818 2904 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
20:49:13.0818 2904 1394ohci - ok
20:49:13.0912 2904 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
20:49:13.0928 2904 ACPI - ok
20:49:14.0021 2904 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
20:49:14.0037 2904 AcpiPmi - ok
20:49:14.0193 2904 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
20:49:14.0208 2904 adp94xx - ok
20:49:14.0333 2904 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
20:49:14.0333 2904 adpahci - ok
20:49:14.0489 2904 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
20:49:14.0489 2904 adpu320 - ok
20:49:14.0645 2904 afcdp (4fa0ca536dab995baf48bd41b4e2ed00) C:\windows\system32\DRIVERS\afcdp.sys
20:49:14.0645 2904 afcdp - ok
20:49:14.0801 2904 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
20:49:14.0817 2904 AFD - ok
20:49:14.0957 2904 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
20:49:15.0004 2904 AgereSoftModem - ok
20:49:15.0098 2904 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
20:49:15.0113 2904 agp440 - ok
20:49:15.0222 2904 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
20:49:15.0222 2904 aic78xx - ok
20:49:15.0363 2904 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
20:49:15.0363 2904 aliide - ok
20:49:15.0456 2904 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
20:49:15.0472 2904 amdagp - ok
20:49:15.0581 2904 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
20:49:15.0581 2904 amdide - ok
20:49:15.0690 2904 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
20:49:15.0690 2904 AmdK8 - ok
20:49:15.0800 2904 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
20:49:15.0800 2904 AmdPPM - ok
20:49:15.0924 2904 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
20:49:16.0002 2904 amdsata - ok
20:49:16.0112 2904 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
20:49:16.0112 2904 amdsbs - ok
20:49:16.0252 2904 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
20:49:16.0252 2904 amdxata - ok
20:49:16.0346 2904 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
20:49:16.0346 2904 AppID - ok
20:49:16.0502 2904 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
20:49:16.0502 2904 arc - ok
20:49:16.0595 2904 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
20:49:16.0611 2904 arcsas - ok
20:49:16.0767 2904 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\windows\System32\DRIVERS\ASPI32.sys
20:49:16.0798 2904 ASPI - ok
20:49:16.0923 2904 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
20:49:16.0938 2904 AsyncMac - ok
20:49:17.0063 2904 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
20:49:17.0063 2904 atapi - ok
20:49:17.0204 2904 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
20:49:17.0219 2904 b06bdrv - ok
20:49:17.0328 2904 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
20:49:17.0344 2904 b57nd60x - ok
20:49:17.0484 2904 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
20:49:17.0484 2904 Beep - ok
20:49:17.0594 2904 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
20:49:17.0609 2904 blbdrive - ok
20:49:17.0750 2904 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
20:49:17.0750 2904 bowser - ok
20:49:17.0859 2904 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:49:17.0859 2904 BrFiltLo - ok
20:49:17.0952 2904 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:49:17.0952 2904 BrFiltUp - ok
20:49:18.0108 2904 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
20:49:18.0108 2904 BridgeMP - ok
20:49:18.0280 2904 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\system32\Drivers\Brserid.sys
20:49:18.0342 2904 Brserid - ok
20:49:18.0436 2904 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
20:49:18.0452 2904 BrSerWdm - ok
20:49:18.0530 2904 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
20:49:18.0545 2904 BrUsbMdm - ok
20:49:18.0592 2904 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\system32\Drivers\BrUsbSer.sys
20:49:18.0608 2904 BrUsbSer - ok
20:49:18.0623 2904 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
20:49:18.0639 2904 BTHMODEM - ok
20:49:18.0764 2904 catchme - ok
20:49:18.0873 2904 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
20:49:18.0873 2904 cdfs - ok
20:49:19.0029 2904 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
20:49:19.0044 2904 cdrom - ok
20:49:19.0200 2904 cfwids (7e6f7da1c4de5680820f964562548949) C:\windows\system32\drivers\cfwids.sys
20:49:19.0247 2904 cfwids - ok
20:49:19.0356 2904 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
20:49:19.0372 2904 circlass - ok
20:49:19.0466 2904 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
20:49:19.0466 2904 CLFS - ok
20:49:19.0575 2904 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
20:49:19.0590 2904 CmBatt - ok
20:49:19.0684 2904 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
20:49:19.0684 2904 cmdide - ok
20:49:19.0793 2904 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
20:49:19.0793 2904 CNG - ok
20:49:19.0918 2904 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
20:49:19.0918 2904 Compbatt - ok
20:49:20.0027 2904 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
20:49:20.0027 2904 CompositeBus - ok
20:49:20.0136 2904 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
20:49:20.0152 2904 crcdisk - ok
20:49:20.0339 2904 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
20:49:20.0339 2904 DfsC - ok
20:49:20.0448 2904 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
20:49:20.0448 2904 discache - ok
20:49:20.0604 2904 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
20:49:20.0604 2904 Disk - ok
20:49:20.0698 2904 DLPortIO - ok
20:49:20.0838 2904 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
20:49:20.0854 2904 drmkaud - ok
20:49:20.0994 2904 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\windows\system32\DRIVERS\dtsoftbus01.sys
20:49:21.0010 2904 dtsoftbus01 - ok
20:49:21.0182 2904 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
20:49:21.0228 2904 DXGKrnl - ok
20:49:21.0431 2904 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
20:49:21.0540 2904 ebdrv - ok
20:49:21.0681 2904 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
20:49:21.0696 2904 elxstor - ok
20:49:21.0837 2904 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\windows\system32\epmntdrv.sys
20:49:22.0164 2904 epmntdrv - ok
20:49:22.0289 2904 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
20:49:22.0305 2904 ErrDev - ok
20:49:22.0445 2904 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\windows\system32\EuGdiDrv.sys
20:49:22.0710 2904 EuGdiDrv - ok
20:49:22.0851 2904 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
20:49:22.0851 2904 exfat - ok
20:49:22.0944 2904 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
20:49:22.0960 2904 fastfat - ok
20:49:23.0069 2904 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
20:49:23.0069 2904 fdc - ok
20:49:23.0163 2904 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
20:49:23.0178 2904 FileInfo - ok
20:49:23.0256 2904 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
20:49:23.0256 2904 Filetrace - ok
20:49:23.0397 2904 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
20:49:23.0397 2904 flpydisk - ok
20:49:23.0490 2904 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
20:49:23.0490 2904 FltMgr - ok
20:49:23.0600 2904 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
20:49:23.0600 2904 FsDepends - ok
20:49:23.0693 2904 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
20:49:23.0693 2904 Fs_Rec - ok
20:49:23.0834 2904 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
20:49:23.0834 2904 fvevol - ok
20:49:23.0943 2904 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
20:49:23.0958 2904 gagp30kx - ok
20:49:24.0099 2904 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:49:24.0130 2904 GEARAspiWDM - ok
20:49:24.0348 2904 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
20:49:24.0348 2904 hcw85cir - ok
20:49:24.0473 2904 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
20:49:24.0473 2904 HdAudAddService - ok
20:49:24.0629 2904 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
20:49:24.0629 2904 HDAudBus - ok
20:49:24.0723 2904 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
20:49:24.0738 2904 HidBatt - ok
20:49:24.0770 2904 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
20:49:24.0770 2904 HidBth - ok
20:49:24.0894 2904 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
20:49:24.0910 2904 HidIr - ok
20:49:25.0019 2904 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
20:49:25.0035 2904 HidUsb - ok
20:49:25.0160 2904 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
20:49:25.0175 2904 HpSAMD - ok
20:49:25.0284 2904 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
20:49:25.0284 2904 HTTP - ok
20:49:25.0394 2904 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
20:49:25.0394 2904 hwpolicy - ok
20:49:25.0518 2904 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
20:49:25.0518 2904 i8042prt - ok
20:49:25.0628 2904 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
20:49:25.0643 2904 iaStor - ok
20:49:25.0784 2904 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
20:49:25.0877 2904 iaStorV - ok
20:49:26.0002 2904 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
20:49:26.0002 2904 iirsp - ok
20:49:26.0267 2904 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
20:49:26.0392 2904 IntcAzAudAddService - ok
20:49:26.0517 2904 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
20:49:26.0532 2904 intelide - ok
20:49:26.0642 2904 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
20:49:26.0642 2904 intelppm - ok
20:49:26.0829 2904 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:49:26.0829 2904 IpFilterDriver - ok
20:49:26.0969 2904 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
20:49:26.0969 2904 IPMIDRV - ok
20:49:27.0063 2904 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
20:49:27.0063 2904 IPNAT - ok
20:49:27.0219 2904 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
20:49:27.0219 2904 IRENUM - ok
20:49:27.0312 2904 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
20:49:27.0312 2904 isapnp - ok
20:49:27.0422 2904 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
20:49:27.0437 2904 iScsiPrt - ok
20:49:27.0546 2904 ivusb (b43cf31abacb13869662a076ce6252ad) C:\windows\system32\DRIVERS\ivusb.sys
20:49:27.0593 2904 ivusb - ok
20:49:27.0718 2904 JMCR (65da9fa42c0972fe5b9b7d6047f06f4c) C:\windows\system32\DRIVERS\jmcr.sys
20:49:27.0796 2904 JMCR - ok
20:49:27.0936 2904 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
20:49:27.0952 2904 kbdclass - ok
20:49:28.0061 2904 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
20:49:28.0061 2904 kbdhid - ok
20:49:28.0170 2904 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
20:49:28.0170 2904 KSecDD - ok
20:49:28.0358 2904 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
20:49:28.0373 2904 KSecPkg - ok
20:49:28.0685 2904 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
20:49:28.0685 2904 lltdio - ok
20:49:28.0841 2904 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
20:49:28.0841 2904 LPCFilter - ok
20:49:28.0950 2904 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
20:49:28.0966 2904 LSI_FC - ok
20:49:29.0091 2904 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
20:49:29.0106 2904 LSI_SAS - ok
20:49:29.0138 2904 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:49:29.0153 2904 LSI_SAS2 - ok
20:49:29.0262 2904 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:49:29.0262 2904 LSI_SCSI - ok
20:49:29.0403 2904 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
20:49:29.0418 2904 luafv - ok
20:49:29.0730 2904 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
20:49:29.0746 2904 megasas - ok
20:49:29.0840 2904 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
20:49:29.0855 2904 MegaSR - ok
20:49:29.0996 2904 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\windows\system32\drivers\mfeapfk.sys
20:49:30.0011 2904 mfeapfk - ok
20:49:30.0245 2904 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\windows\system32\drivers\mfeavfk.sys
20:49:30.0308 2904 mfeavfk - ok
20:49:30.0417 2904 mfeavfk01 - ok
20:49:30.0573 2904 mfebopk (19161b1796cf74a6a326abde309062ba) C:\windows\system32\drivers\mfebopk.sys
20:49:30.0573 2904 mfebopk - ok
20:49:30.0729 2904 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\windows\system32\drivers\mfefirek.sys
20:49:30.0791 2904 mfefirek - ok
20:49:30.0947 2904 mfehidk (0efab2b91b27543fe589de700de07136) C:\windows\system32\drivers\mfehidk.sys
20:49:30.0947 2904 mfehidk - ok
20:49:31.0072 2904 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\windows\system32\DRIVERS\mfenlfk.sys
20:49:31.0119 2904 mfenlfk - ok
20:49:31.0244 2904 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\windows\system32\drivers\mferkdet.sys
20:49:31.0306 2904 mferkdet - ok
20:49:31.0446 2904 mfewfpk (183f32c79d1693170df3baecec611125) C:\windows\system32\drivers\mfewfpk.sys
20:49:31.0478 2904 mfewfpk - ok
20:49:31.0602 2904 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
20:49:31.0602 2904 Modem - ok
20:49:31.0712 2904 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
20:49:31.0712 2904 monitor - ok
20:49:31.0836 2904 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
20:49:31.0836 2904 mouclass - ok
20:49:31.0977 2904 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
20:49:31.0977 2904 mouhid - ok
20:49:32.0070 2904 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
20:49:32.0070 2904 mountmgr - ok
20:49:32.0180 2904 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
20:49:32.0195 2904 mpio - ok
20:49:32.0320 2904 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
20:49:32.0336 2904 mpsdrv - ok
20:49:32.0429 2904 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
20:49:32.0445 2904 MRxDAV - ok
20:49:32.0585 2904 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
20:49:32.0585 2904 mrxsmb - ok
20:49:32.0694 2904 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:49:32.0710 2904 mrxsmb10 - ok
20:49:32.0835 2904 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:49:32.0835 2904 mrxsmb20 - ok
20:49:32.0897 2904 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
20:49:32.0897 2904 msahci - ok
20:49:32.0991 2904 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
20:49:33.0006 2904 msdsm - ok
20:49:33.0147 2904 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
20:49:33.0162 2904 Msfs - ok
20:49:33.0256 2904 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
20:49:33.0256 2904 mshidkmdf - ok
20:49:33.0287 2904 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
20:49:33.0287 2904 msisadrv - ok
20:49:33.0428 2904 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
20:49:33.0443 2904 MSKSSRV - ok
20:49:33.0552 2904 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
20:49:33.0568 2904 MSPCLOCK - ok
20:49:33.0677 2904 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
20:49:33.0693 2904 MSPQM - ok
20:49:33.0818 2904 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
20:49:33.0818 2904 MsRPC - ok
20:49:33.0849 2904 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
20:49:33.0849 2904 mssmbios - ok
20:49:33.0958 2904 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
20:49:33.0958 2904 MSTEE - ok
20:49:34.0067 2904 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
20:49:34.0067 2904 MTConfig - ok
20:49:34.0161 2904 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
20:49:34.0161 2904 Mup - ok
20:49:34.0301 2904 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
20:49:34.0317 2904 NativeWifiP - ok
20:49:34.0426 2904 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
20:49:34.0426 2904 NDIS - ok
20:49:34.0551 2904 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
20:49:34.0551 2904 NdisCap - ok
20:49:34.0676 2904 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
20:49:34.0676 2904 NdisTapi - ok
20:49:34.0816 2904 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
20:49:34.0816 2904 Ndisuio - ok
20:49:34.0925 2904 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
20:49:34.0925 2904 NdisWan - ok
20:49:35.0034 2904 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
20:49:35.0050 2904 NDProxy - ok
20:49:35.0190 2904 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
20:49:35.0190 2904 NetBIOS - ok
20:49:35.0284 2904 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
20:49:35.0300 2904 NetBT - ok
20:49:35.0487 2904 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
20:49:35.0487 2904 nfrd960 - ok
20:49:35.0596 2904 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
20:49:35.0596 2904 Npfs - ok
20:49:35.0705 2904 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
20:49:35.0721 2904 nsiproxy - ok
20:49:35.0846 2904 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
20:49:35.0846 2904 Ntfs - ok
20:49:35.0955 2904 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
20:49:35.0955 2904 Null - ok
20:49:36.0064 2904 NVHDA (a82534d453425f5fee4b6a583fdcf3eb) C:\windows\system32\drivers\nvhda32v.sys
20:49:36.0111 2904 NVHDA - ok
20:49:36.0454 2904 nvlddmkm (f484e314c710b9c297f9ab363ff74370) C:\windows\system32\DRIVERS\nvlddmkm.sys
20:49:36.0813 2904 nvlddmkm - ok
20:49:36.0922 2904 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
20:49:36.0969 2904 nvraid - ok
20:49:37.0078 2904 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
20:49:37.0156 2904 nvstor - ok
20:49:37.0281 2904 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
20:49:37.0296 2904 nv_agp - ok
20:49:37.0421 2904 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
20:49:37.0421 2904 ohci1394 - ok
20:49:37.0577 2904 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
20:49:37.0577 2904 Parport - ok
20:49:37.0686 2904 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
20:49:37.0686 2904 partmgr - ok
20:49:37.0780 2904 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
20:49:37.0780 2904 Parvdm - ok
20:49:37.0889 2904 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
20:49:37.0889 2904 pci - ok
20:49:37.0998 2904 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
20:49:37.0998 2904 pciide - ok
20:49:38.0092 2904 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
20:49:38.0108 2904 pcmcia - ok
20:49:38.0217 2904 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
20:49:38.0232 2904 pcw - ok
20:49:38.0357 2904 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
20:49:38.0388 2904 PEAUTH - ok
20:49:38.0529 2904 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
20:49:38.0622 2904 PGEffect - ok
20:49:38.0825 2904 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
20:49:38.0825 2904 PptpMiniport - ok
20:49:38.0934 2904 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
20:49:38.0950 2904 Processor - ok
20:49:39.0059 2904 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
20:49:39.0059 2904 Psched - ok
20:49:39.0215 2904 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\windows\system32\DRIVERS\psi_mf.sys
20:49:39.0324 2904 PSI - ok
20:49:39.0465 2904 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
20:49:39.0496 2904 ql2300 - ok
20:49:39.0605 2904 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
20:49:39.0605 2904 ql40xx - ok
20:49:39.0714 2904 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
20:49:39.0730 2904 QWAVEdrv - ok
20:49:39.0824 2904 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
20:49:39.0824 2904 RasAcd - ok
20:49:39.0948 2904 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
20:49:39.0948 2904 RasAgileVpn - ok
20:49:40.0073 2904 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
20:49:40.0089 2904 Rasl2tp - ok
20:49:40.0214 2904 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
20:49:40.0245 2904 RasPppoe - ok
20:49:40.0370 2904 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
20:49:40.0385 2904 RasSstp - ok
20:49:40.0494 2904 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
20:49:40.0494 2904 rdbss - ok
20:49:40.0604 2904 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
20:49:40.0619 2904 rdpbus - ok
20:49:40.0713 2904 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
20:49:40.0713 2904 RDPCDD - ok
20:49:40.0838 2904 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
20:49:40.0853 2904 RDPENCDD - ok
20:49:40.0978 2904 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
20:49:40.0978 2904 RDPREFMP - ok
20:49:41.0087 2904 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
20:49:41.0087 2904 RDPWD - ok
20:49:41.0212 2904 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
20:49:41.0228 2904 rdyboost - ok
20:49:41.0415 2904 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
20:49:41.0430 2904 rspndr - ok
20:49:41.0555 2904 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
20:49:41.0633 2904 RTL8167 - ok
20:49:41.0774 2904 rtl8192se (fd0b1d3ce2e7debd0ae8456494d21488) C:\windows\system32\DRIVERS\rtl8192se.sys
20:49:41.0852 2904 rtl8192se - ok
20:49:41.0976 2904 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
20:49:41.0992 2904 sbp2port - ok
20:49:42.0086 2904 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
20:49:42.0086 2904 scfilter - ok
20:49:42.0242 2904 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\windows\system32\DRIVERS\sdbus.sys
20:49:42.0257 2904 sdbus - ok
20:49:42.0444 2904 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
20:49:42.0444 2904 secdrv - ok
20:49:42.0600 2904 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
20:49:42.0600 2904 Serenum - ok
20:49:42.0741 2904 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
20:49:42.0741 2904 Serial - ok
20:49:42.0850 2904 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
20:49:42.0850 2904 sermouse - ok
20:49:43.0006 2904 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
20:49:43.0006 2904 sffdisk - ok
20:49:43.0115 2904 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
20:49:43.0115 2904 sffp_mmc - ok
20:49:43.0224 2904 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
20:49:43.0224 2904 sffp_sd - ok
20:49:43.0334 2904 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
20:49:43.0349 2904 sfloppy - ok
20:49:43.0458 2904 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
20:49:43.0458 2904 sisagp - ok
20:49:43.0583 2904 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:49:43.0599 2904 SiSRaid2 - ok
20:49:43.0692 2904 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
20:49:43.0692 2904 SiSRaid4 - ok
20:49:43.0817 2904 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
20:49:43.0817 2904 Smb - ok
20:49:43.0973 2904 snapman (4f7ed0c2f594f1b8e9cafab21eb86126) C:\windows\system32\DRIVERS\snapman.sys
20:49:43.0973 2904 snapman - ok
20:49:44.0098 2904 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
20:49:44.0098 2904 spldr - ok
20:49:44.0238 2904 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
20:49:44.0238 2904 srv - ok
20:49:44.0363 2904 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
20:49:44.0379 2904 srv2 - ok
20:49:44.0519 2904 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
20:49:44.0519 2904 srvnet - ok
20:49:44.0644 2904 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
20:49:44.0644 2904 stexstor - ok
20:49:44.0769 2904 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
20:49:44.0784 2904 swenum - ok
20:49:44.0956 2904 SynTP (3f4982de07d89a1084861e9d59f7ebb1) C:\windows\system32\DRIVERS\SynTP.sys
20:49:45.0003 2904 SynTP - ok
20:49:45.0190 2904 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
20:49:45.0252 2904 Tcpip - ok
20:49:45.0393 2904 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
20:49:45.0408 2904 TCPIP6 - ok
20:49:45.0533 2904 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
20:49:45.0533 2904 tcpipreg - ok
20:49:45.0674 2904 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
20:49:45.0705 2904 tdcmdpst - ok
20:49:45.0798 2904 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
20:49:45.0798 2904 TDPIPE - ok
20:49:45.0954 2904 tdrpman258 (8de3e45000ba8c9ebb16737d3f83e216) C:\windows\system32\DRIVERS\tdrpm258.sys
20:49:45.0970 2904 tdrpman258 - ok
20:49:46.0064 2904 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
20:49:46.0079 2904 TDTCP - ok
20:49:46.0173 2904 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
20:49:46.0188 2904 tdx - ok
20:49:46.0282 2904 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
20:49:46.0282 2904 TermDD - ok
20:49:46.0438 2904 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys
20:49:46.0438 2904 Thpdrv - ok
20:49:46.0547 2904 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS
20:49:46.0547 2904 Thpevm - ok
20:49:46.0703 2904 timounter (3e06987fedbcdfbff8e85ef8108565f9) C:\windows\system32\DRIVERS\timntr.sys
20:49:46.0703 2904 timounter - ok
20:49:46.0890 2904 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
20:49:46.0906 2904 tos_sps32 - ok
20:49:47.0062 2904 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
20:49:47.0062 2904 tssecsrv - ok
20:49:47.0171 2904 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
20:49:47.0171 2904 tunnel - ok
20:49:47.0312 2904 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:49:47.0327 2904 TVALZ - ok
20:49:47.0452 2904 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
20:49:47.0561 2904 TVALZFL - ok
20:49:47.0686 2904 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
20:49:47.0686 2904 uagp35 - ok
20:49:47.0795 2904 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
20:49:47.0811 2904 udfs - ok
20:49:47.0951 2904 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
20:49:47.0951 2904 uliagpkx - ok
20:49:48.0076 2904 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
20:49:48.0092 2904 umbus - ok
20:49:48.0185 2904 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
20:49:48.0201 2904 UmPass - ok
20:49:48.0404 2904 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\windows\system32\Drivers\usbaapl.sys
20:49:48.0482 2904 USBAAPL - ok
20:49:48.0606 2904 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
20:49:48.0653 2904 usbccgp - ok
20:49:48.0762 2904 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
20:49:48.0778 2904 usbcir - ok
20:49:48.0903 2904 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys
20:49:48.0965 2904 usbehci - ok
20:49:49.0106 2904 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
20:49:49.0184 2904 usbhub - ok
20:49:49.0308 2904 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
20:49:49.0386 2904 usbohci - ok
20:49:49.0496 2904 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
20:49:49.0511 2904 usbprint - ok
20:49:49.0636 2904 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
20:49:49.0652 2904 usbscan - ok
20:49:49.0776 2904 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:49:49.0839 2904 USBSTOR - ok
20:49:49.0964 2904 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\DRIVERS\usbuhci.sys
20:49:49.0964 2904 usbuhci - ok
20:49:50.0104 2904 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
20:49:50.0213 2904 usbvideo - ok
20:49:50.0354 2904 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
20:49:50.0354 2904 vdrvroot - ok
20:49:50.0541 2904 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
20:49:50.0556 2904 vga - ok
20:49:50.0666 2904 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
20:49:50.0681 2904 VgaSave - ok
20:49:50.0806 2904 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
20:49:50.0822 2904 vhdmp - ok
20:49:50.0946 2904 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
20:49:50.0962 2904 viaagp - ok
20:49:51.0071 2904 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
20:49:51.0087 2904 ViaC7 - ok
20:49:51.0196 2904 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
20:49:51.0212 2904 viaide - ok
20:49:51.0321 2904 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
20:49:51.0321 2904 volmgr - ok
20:49:51.0461 2904 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
20:49:51.0461 2904 volmgrx - ok
20:49:51.0602 2904 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
20:49:51.0602 2904 volsnap - ok
20:49:51.0742 2904 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
20:49:51.0742 2904 vsmraid - ok
20:49:51.0867 2904 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
20:49:51.0867 2904 vwifibus - ok
20:49:52.0023 2904 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
20:49:52.0023 2904 vwififlt - ok
20:49:52.0148 2904 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
20:49:52.0148 2904 vwifimp - ok
20:49:52.0272 2904 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
20:49:52.0272 2904 WacomPen - ok
20:49:52.0397 2904 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
20:49:52.0397 2904 WANARP - ok
20:49:52.0413 2904 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
20:49:52.0413 2904 Wanarpv6 - ok
20:49:52.0600 2904 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
20:49:52.0616 2904 Wd - ok
20:49:52.0725 2904 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\windows\system32\DRIVERS\wdcsam.sys
20:49:52.0850 2904 WDC_SAM - ok
20:49:52.0990 2904 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
20:49:52.0990 2904 Wdf01000 - ok
20:49:53.0177 2904 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
20:49:53.0177 2904 WfpLwf - ok
20:49:53.0302 2904 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
20:49:53.0302 2904 WIMMount - ok
20:49:53.0505 2904 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
20:49:53.0520 2904 WinUsb - ok
20:49:53.0645 2904 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
20:49:53.0661 2904 WmiAcpi - ok
20:49:53.0832 2904 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
20:49:53.0832 2904 ws2ifsl - ok
20:49:54.0004 2904 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
20:49:54.0020 2904 WudfPf - ok
20:49:54.0160 2904 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
20:49:54.0160 2904 WUDFRd - ok
20:49:54.0285 2904 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:49:54.0347 2904 \Device\Harddisk0\DR0 - ok
20:49:54.0363 2904 Boot (0x1200) (7d5bc0e35c3a4d60ad092b8e8376463e) \Device\Harddisk0\DR0\Partition0
20:49:54.0363 2904 \Device\Harddisk0\DR0\Partition0 - ok
20:49:54.0363 2904 ============================================================
20:49:54.0363 2904 Scan finished
20:49:54.0363 2904 ============================================================
20:49:54.0378 4996 Detected object count: 0
20:49:54.0378 4996 Actual detected object count: 0

Faith

#8 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2012 - 10:21 PM

try this and see if it speeds things up

1.Click on "Start" and point to "Search".

2.Write "device" into the search box and Press "Search".

3.Select "Device Manager" in the search results.

4.Open the Disk Drive branch.

5.Click the hard disk for its property sheet.

6.Activate "Enable Write Caching" on the Device check box.

7.For maximum performance, activate the "Turn Off Windows Write-Cache Buffer Flushing on the Device" too.

8.Click "OK"
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   faith766 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 32
  • Joined: 17-May 11

Posted 13 January 2012 - 10:28 PM

I enabled the turn off windows Write-cache buffer... I'll see what that does.
But ComboFix doesn't show anything wrong does it?
I was wondering if removing some start up entries might help.

#10 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2012 - 11:27 PM

Hello

the reports look good

let me know if it did help speed things up

we will get to the startups soon


Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Java DB 10.6.2.1
    Java™ 6 Update 26
    Java™ SE Development Kit 6 Update 26


    and click on remove




Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

    I would like you to rerun MBAM

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

    In your next post I need the following

    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   faith766 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 32
  • Joined: 17-May 11

Posted 14 January 2012 - 03:17 PM

I have done what you've asked.

Here is the log for Hijack This:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:06:47 PM, on 14/01/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe
C:\Program Files\Common Files\Adobe\dynamiclink\processcoordinationserver.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110108210300.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ThpSrv] C:\windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://mytdsb.on.ca/+CSCOL+/csvrloader32.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/plugins/activex/YoYo.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 11667 bytes


-----------------------------------------------------------------------------------------------------------------

Now here's the MBAM's log:


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.14.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Mihil :: MHVPATEL [administrator]

14/01/2012 12:37:47 AM
mbam-log-2012-01-14 (00-37-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205481
Time elapsed: 14 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------------------------------------------------------------------

The computer seems considerably faster now. Which is good!

Faith

#12 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 14 January 2012 - 11:22 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt

Copy and paste that log as a reply to this topic

Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 18 January 2012 - 06:20 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#14 User is offline   faith766 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 32
  • Joined: 17-May 11

Posted 18 January 2012 - 05:36 PM

I'm sorry that it's taking long, it's just that I am EXTREMELY busy this week so I am unable to finish up on this task. Even as I write this, I am on someone's else's computer. I am very sorry for the delay. I will send you the results ASAP.

Thank you,
Faith

#15 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,549
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 18 January 2012 - 10:56 PM

no problem I will check on you in a couple of days to see how things are going


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users