
Rootkit Infection - Virus Malware Scanners Clean


  • This topic is locked
4 replies to this topic

#1 pangea

pangea

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:48 PM

Posted 22 July 2011 - 11:39 PM

Here is the link to my initial post in the other forum section http://www.bleepingcomputer.com/forums/topic410658.html. It contains details on my actions so far.

All the virus/malware scanners I have been using are now coming up clean, but the Google redirect remains. Sometimes I will get one or two Google search links to work, but then the redirect comes back. I have also discovered that I cannot start Windows Defender. I never use it, but I have seen it as a symptom in infections other people are experiencing. As requested, I will paste the contents of the following logs:

DDS
GMER
aswMBR
TDSSKiller

Each will have to be in a separate post as they cannot all fit in one.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Collins at 12:34:19 on 2011-07-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3325.1994 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\DKabcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SetPoint\LBTWiz.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\LockStatusTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Collins\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.afl.com.au/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6080618
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110709144029.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Facetheme: {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - c:\program files\object\bho_project.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [<NO NAME>]
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [LockStatusTray] c:\windows\LockStatusTray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 0.0.0.0 www.goingonearth.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\collins\appdata\roaming\mozilla\firefox\profiles\cqn44ewz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.qut.edu.au/
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\collins\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\collins\appdata\roaming\facebook\npfbplugin_1_0_1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-23 387480]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-7-20 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-7-20 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-7-20 656320]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2011-7-20 3968]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-23 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-23 165032]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-8-31 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-31 234888]
R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-20 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-21 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-23 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-23 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-23 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-23 141792]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-7-25 42280]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-23 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-20 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-23 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-23 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-23 314088]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-6 135664]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-27 25832]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-18 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-6 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-23 84488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-7-20 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-7-20 1150936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-9-11 19968]
.
=============== Created Last 30 ================
.
2011-07-22 23:44:15 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-20 04:15:09 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2011-07-20 01:59:44 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-07-20 01:59:44 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-07-20 01:59:44 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-07-20 01:59:44 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-07-20 01:59:42 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-07-20 01:59:42 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-07-20 01:59:30 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-07-20 01:59:21 -------- d-----w- c:\users\collins\appdata\roaming\PC Tools
2011-07-20 01:59:21 -------- d-----w- c:\programdata\PC Tools
2011-07-20 01:59:21 -------- d-----w- c:\program files\PC Tools Security
2011-07-20 01:59:21 -------- d-----w- c:\program files\common files\PC Tools
2011-07-19 21:04:44 -------- d-----w- c:\users\collins\appdata\roaming\Malwarebytes
2011-07-19 21:04:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-19 21:04:07 -------- d-----w- c:\programdata\Malwarebytes
2011-07-19 21:04:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-19 21:04:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-19 08:35:07 0 --sha-w- c:\windows\act_apl.exe
2011-07-19 08:17:12 71680 --sha-r- c:\windows\system32\WMVSENCD7.dll
2011-07-19 02:28:14 -------- d-----w- c:\users\collins\appdata\local\Ahead
2011-07-19 02:24:46 -------- d-----w- c:\programdata\Nero
2011-07-19 02:24:46 -------- d-----w- c:\program files\Nero
2011-07-19 02:14:51 -------- d-----w- c:\program files\SmartFTP Client
2011-07-19 02:14:08 -------- d-----w- c:\program files\Object
2011-07-19 02:10:47 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2011-07-19 00:49:45 -------- d-----w- c:\users\collins\appdata\local\{17E42073-E644-4C29-8E9C-F02F65B5D2B7}
2011-07-18 09:15:58 -------- d-----w- c:\users\collins\appdata\local\{F8E7A736-AD37-4078-82EC-611DF6A8E2D6}
2011-07-18 04:26:04 -------- d-----w- c:\program files\iPod
2011-07-17 03:51:47 -------- d-----w- c:\users\collins\appdata\local\{5AC10177-3443-4F0C-AFD3-C8C59B8F0141}
2011-07-13 10:08:07 -------- d-----w- c:\users\collins\appdata\local\{5174698C-9EAB-45E3-AAF4-7E58A750758E}
2011-07-13 08:37:02 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-13 08:37:02 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-13 08:37:01 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 08:36:57 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 08:36:57 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-10 02:15:15 -------- d-----w- c:\users\collins\appdata\local\{C4DF3396-FAB8-4C55-A481-B65ECA5D0FC7}
2011-06-28 23:54:20 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-25 09:02:58 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-25 09:02:58 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
2011-07-08 13:57:56 15819776 ----a-w- c:\windows\system32\imageres.dll
2011-06-24 22:34:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-09 22:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-09 22:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-03 18:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 12:35:09.73 ===============


Edited by pangea, 23 July 2011 - 05:16 PM.



#2 pangea

pangea
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:48 PM

Posted 23 July 2011 - 05:03 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-23 13:08:04
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005f WDC_WD50 rev.01.0
Running: ildqwsfo.exe; Driver: C:\Users\Collins\AppData\Local\Temp\pxtiafod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x812F7F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x812F8230]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x812F79D8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x812F852C]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x812C01E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x812C01FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x812C01D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80C3B982 5 Bytes JMP 812C01D8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetEvent + 209 80CBC98C 8 Bytes [68, 7F, 2F, 81, 30, 82, 2F, ...] {PUSH 0x30812f7f; SUB BYTE [EDI], -0x7f}
.text ntkrnlpa.exe!KeSetEvent + 621 80CBCDA4 4 Bytes [D8, 79, 2F, 81]
.text ntkrnlpa.exe!KeSetEvent + 6E5 80CBCE68 4 Bytes [2C, 85, 2F, 81]
PAGE ntkrnlpa.exe!NtMapViewOfSection 80E2082A 7 Bytes JMP 812C01EC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 80E20AED 5 Bytes JMP 812C0202 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\Users\Collins\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[720] ntdll.dll!NtCreateFile 775F4224 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\services.exe[720] ntdll.dll!NtCreateProcess 775F42E4 5 Bytes JMP 000B0FC3
.text C:\Windows\system32\services.exe[720] ntdll.dll!NtProtectVirtualMemory 775F4B84 5 Bytes JMP 000B0FD4
.text C:\Windows\system32\services.exe[720] kernel32.dll!GetStartupInfoW 762C1929 5 Bytes JMP 000A0F6A
.text C:\Windows\system32\services.exe[720] kernel32.dll!GetStartupInfoA 762C19C9 5 Bytes JMP 000A00BA
.text C:\Windows\system32\services.exe[720] kernel32.dll!CreateProcessW 762C1BF3 5 Bytes JMP 000A0F48
.text C:\Windows\system32\services.exe[720] kernel32.dll!CreateProcessA 762C1C28 5 Bytes JMP 000A0F59
.text C:\Windows\system32\services.exe[720] kernel32.dll!VirtualProtect 762C1DC3 5 Bytes JMP 000A0073
.text C:\Windows\system32\services.exe[720] kernel32.dll!CreateNamedPipeA 762C2EF5 5 Bytes JMP 000A001B
.text C:\Windows\system32\services.exe[720] kernel32.dll!CreateNamedPipeW 762C5C0C 5 Bytes JMP 000A0036
.text C:\Windows\system32\services.exe[720] kernel32.dll!CreatePipe 762E8F06 5 Bytes JMP 000A00A9
.text C:\Windows\system32\services.exe[720] kernel32.dll!LoadLibraryExW 762E927C 5 Bytes JMP 000A0FA5
.text C:\Windows\system32\services.exe[720] kernel32.dll!LoadLibraryW 762E9400 5 Bytes JMP 000A0062
.text C:\Windows\system32\services.exe[720] kernel32.dll!LoadLibraryExA 762E9554 5 Bytes JMP 000A0FC0
.text C:\Windows\system32\services.exe[720] kernel32.dll!LoadLibraryA 762E957C 5 Bytes JMP 000A0047
.text C:\Windows\system32\services.exe[720] kernel32.dll!VirtualProtectEx 762EDC52 5 Bytes JMP 000A0098
.text C:\Windows\system32\services.exe[720] kernel32.dll!GetProcAddress 7630925B 5 Bytes JMP 000A0104
.text C:\Windows\system32\services.exe[720] kernel32.dll!CreateFileW 7630B0EB 5 Bytes JMP 000A000A
.text C:\Windows\system32\services.exe[720] kernel32.dll!CreateFileA 7630D07F 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\services.exe[720] kernel32.dll!WinExec 763560CF 5 Bytes JMP 000A00D5
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyExA 771A39AB 5 Bytes JMP 00860F6F
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyA 771A3BA9 5 Bytes JMP 00860F94
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyA 771A89C7 5 Bytes JMP 00860FEF
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyW 771B391E 5 Bytes JMP 00860011
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!RegCreateKeyExW 771B41F1 5 Bytes JMP 00860036
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyExA 771B7C42 5 Bytes JMP 00860000
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyW 771BE2B5 5 Bytes JMP 00860FD4
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyExW 771C7BA1 1 Byte [E9]
.text C:\Windows\system32\services.exe[720] ADVAPI32.dll!RegOpenKeyExW 771C7BA1 5 Bytes JMP 00860FA5
.text C:\Windows\system32\services.exe[720] msvcrt.dll!_wsystem 75F27F2F 5 Bytes JMP 00830F90
.text C:\Windows\system32\services.exe[720] msvcrt.dll!system 75F2804B 5 Bytes JMP 0083001B
.text C:\Windows\system32\services.exe[720] msvcrt.dll!_creat 75F2BBE1 5 Bytes JMP 00830FC6
.text C:\Windows\system32\services.exe[720] msvcrt.dll!_open 75F2D106 5 Bytes JMP 00830FE3
.text C:\Windows\system32\services.exe[720] msvcrt.dll!_wcreat 75F2D326 5 Bytes JMP 00830FB5
.text C:\Windows\system32\services.exe[720] msvcrt.dll!_wopen 75F2D501 5 Bytes JMP 00830000
.text C:\Windows\system32\services.exe[720] WS2_32.dll!socket 75F836D1 3 Bytes JMP 00840000
.text C:\Windows\system32\services.exe[720] WS2_32.dll!socket + 4 75F836D5 1 Byte [8A]
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateFile 775F4224 5 Bytes JMP 00D30FEF
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateProcess 775F42E4 5 Bytes JMP 00D30FC3
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtProtectVirtualMemory 775F4B84 5 Bytes JMP 00D30FDE
.text C:\Windows\system32\lsass.exe[732] kernel32.dll!GetStartupInfoW 762C1929 5 Bytes JMP 0030009D
.text C:\Windows\system32\lsass.exe[732] kernel32.dll!GetStartupInfoA 762C19C9 5 Bytes JMP 00300F57
.text C:\Windows\system32\lsass.exe[732] kernel32.dll!CreateProcessW 762C1BF3 5 Bytes JMP 003000D3
.text C:\Windows\system32\svchost.exe[2168] kernel32.dll!LoadLibraryExA 762E9554 5 Bytes JMP 00080062
.text C:\Windows\system32\svchost.exe[2168] kernel32.dll!LoadLibraryA 762E957C 5 Bytes JMP 00080FCA
.text C:\Windows\system32\svchost.exe[2168] kernel32.dll!VirtualProtectEx 762EDC52 5 Bytes JMP 0008007D
.text C:\Windows\system32\svchost.exe[2168] kernel32.dll!GetProcAddress 7630925B 5 Bytes JMP 00080F0B
.text C:\Windows\system32\svchost.exe[2168] kernel32.dll!CreateFileW 7630B0EB 5 Bytes JMP 0008001B
.text C:\Windows\system32\svchost.exe[2168] kernel32.dll!CreateFileA 7630D07F 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[2168] kernel32.dll!WinExec 763560CF 5 Bytes JMP 00080F41
.text C:\Windows\system32\svchost.exe[2168] msvcrt.dll!_wsystem 75F27F2F 5 Bytes JMP 000B0FA1
.text C:\Windows\system32\svchost.exe[2168] msvcrt.dll!system 75F2804B 5 Bytes JMP 000B0FBC
.text C:\Windows\system32\svchost.exe[2168] msvcrt.dll!_creat 75F2BBE1 5 Bytes JMP 000B0011
.text C:\Windows\system32\svchost.exe[2168] msvcrt.dll!_open 75F2D106 5 Bytes JMP 000B0000
.text C:\Windows\system32\svchost.exe[2168] msvcrt.dll!_wcreat 75F2D326 5 Bytes JMP 000B0022
.text C:\Windows\system32\svchost.exe[2168] msvcrt.dll!_wopen 75F2D501 5 Bytes JMP 000B0FE3
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!RegCreateKeyExA 771A39AB 5 Bytes JMP 00090F94
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!RegCreateKeyA 771A3BA9 5 Bytes JMP 00090FD4
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!RegOpenKeyA 771A89C7 5 Bytes JMP 00090000
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!RegCreateKeyW 771B391E 5 Bytes JMP 00090FB9
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!RegCreateKeyExW 771B41F1 5 Bytes JMP 00090F79
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!RegOpenKeyExA 771B7C42 5 Bytes JMP 00090036
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!RegOpenKeyW 771BE2B5 5 Bytes JMP 00090011
.text C:\Windows\system32\svchost.exe[2168] ADVAPI32.dll!RegOpenKeyExW 771C7BA1 5 Bytes JMP 00090FE5
.text C:\Windows\system32\svchost.exe[2168] WS2_32.dll!socket 75F836D1 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[2560] ntdll.dll!NtCreateFile 775F4224 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\svchost.exe[2560] ntdll.dll!NtCreateProcess 775F42E4 5 Bytes JMP 008D0014
.text C:\Windows\system32\svchost.exe[2560] ntdll.dll!NtProtectVirtualMemory 775F4B84 5 Bytes JMP 008D0FD4
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!GetStartupInfoW 762C1929 5 Bytes JMP 00870F26
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!GetStartupInfoA 762C19C9 5 Bytes JMP 00870076
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!CreateProcessW 762C1BF3 5 Bytes JMP 00870F01
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!CreateProcessA 762C1C28 5 Bytes JMP 00870098
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!VirtualProtect 762C1DC3 5 Bytes JMP 00870F70
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!CreateNamedPipeA 762C2EF5 5 Bytes JMP 00870025
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!CreateNamedPipeW 762C5C0C 5 Bytes JMP 00870FD4
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!CreatePipe 762E8F06 5 Bytes JMP 00870F4B
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!LoadLibraryExW 762E927C 5 Bytes JMP 00870F8B
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!LoadLibraryW 762E9400 5 Bytes JMP 00870054
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!LoadLibraryExA 762E9554 5 Bytes JMP 00870FA8
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!LoadLibraryA 762E957C 5 Bytes JMP 00870FC3
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!VirtualProtectEx 762EDC52 5 Bytes JMP 00870065
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!GetProcAddress 7630925B 5 Bytes JMP 00870EF0
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!CreateFileW 7630B0EB 5 Bytes JMP 0087000A
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!CreateFileA 7630D07F 5 Bytes JMP 00870FEF
.text C:\Windows\system32\svchost.exe[2560] kernel32.dll!WinExec 763560CF 5 Bytes JMP 00870087
.text C:\Windows\system32\svchost.exe[2560] msvcrt.dll!_wsystem 75F27F2F 5 Bytes JMP 008F0FC1
.text C:\Windows\system32\svchost.exe[2560] msvcrt.dll!system 75F2804B 5 Bytes JMP 008F004C
.text C:\Windows\system32\svchost.exe[2560] msvcrt.dll!_creat 75F2BBE1 5 Bytes JMP 008F0FE3
.text C:\Windows\system32\svchost.exe[2560] msvcrt.dll!_open 75F2D106 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[2560] msvcrt.dll!_wcreat 75F2D326 5 Bytes JMP 008F0FD2
.text C:\Windows\system32\svchost.exe[2560] msvcrt.dll!_wopen 75F2D501 5 Bytes JMP 008F001D
.text C:\Windows\system32\svchost.exe[2560] ADVAPI32.dll!RegCreateKeyExA 771A39AB 5 Bytes JMP 008C004A
.text C:\Windows\system32\svchost.exe[2560] ADVAPI32.dll!RegCreateKeyA 771A3BA9 5 Bytes JMP 008C0FB9
.text C:\Windows\system32\svchost.exe[2560] ADVAPI32.dll!RegOpenKeyA 771A89C7 5 Bytes JMP 008C0FEF
.text C:\Windows\system32\svchost.exe[2560] ADVAPI32.dll!RegCreateKeyW 771B391E 5 Bytes JMP 008C0FA8
.text C:\Windows\system32\svchost.exe[2560] ADVAPI32.dll!RegCreateKeyExW 771B41F1 5 Bytes JMP 008C0F83
.text C:\Windows\system32\svchost.exe[2560] ADVAPI32.dll!RegOpenKeyExA 771B7C42 5 Bytes JMP 008C001B
.text C:\Windows\system32\svchost.exe[2560] ADVAPI32.dll!RegOpenKeyW 771BE2B5 5 Bytes JMP 008C000A
.text C:\Windows\system32\svchost.exe[2560] ADVAPI32.dll!RegOpenKeyExW 771C7BA1 5 Bytes JMP 008C0FCA
.text C:\Windows\system32\svchost.exe[2560] WS2_32.dll!socket 75F836D1 5 Bytes JMP 00740000
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtCreateFile 775F4224 5 Bytes JMP 00970000
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtCreateProcess 775F42E4 5 Bytes JMP 00970025
.text C:\Windows\system32\svchost.exe[2640] ntdll.dll!NtProtectVirtualMemory 775F4B84 5 Bytes JMP 00970FE5
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!GetStartupInfoW 762C1929 5 Bytes JMP 00950F5E
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!GetStartupInfoA 762C19C9 5 Bytes JMP 009500AE
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateProcessW 762C1BF3 5 Bytes JMP 009500E4
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateProcessA 762C1C28 5 Bytes JMP 00950F4D
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!VirtualProtect 762C1DC3 5 Bytes JMP 00950067
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateNamedPipeA 762C2EF5 5 Bytes JMP 00950014
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateNamedPipeW 762C5C0C 5 Bytes JMP 00950025
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreatePipe 762E8F06 5 Bytes JMP 00950093
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!LoadLibraryExW 762E927C 5 Bytes JMP 00950F8D
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!LoadLibraryW 762E9400 5 Bytes JMP 00950FB2
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!LoadLibraryExA 762E9554 5 Bytes JMP 0095004A
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!LoadLibraryA 762E957C 5 Bytes JMP 00950FC3
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!VirtualProtectEx 762EDC52 5 Bytes JMP 00950078
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!GetProcAddress 7630925B 5 Bytes JMP 00950F28
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateFileW 7630B0EB 5 Bytes JMP 00950FD4
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateFileA 7630D07F 5 Bytes JMP 00950FEF
.text C:\Windows\system32\svchost.exe[2640] kernel32.dll!WinExec 763560CF 5 Bytes JMP 009500C9
.text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_wsystem 75F27F2F 5 Bytes JMP 00930069
.text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!system 75F2804B 5 Bytes JMP 00930FDE
.text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_creat 75F2BBE1 5 Bytes JMP 00930029
.text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_open 75F2D106 5 Bytes JMP 0093000C
.text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_wcreat 75F2D326 5 Bytes JMP 0093004E
.text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_wopen 75F2D501 5 Bytes JMP 00930FEF
.text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegCreateKeyExA 771A39AB 5 Bytes JMP 00960036
.text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegCreateKeyA 771A3BA9 5 Bytes JMP 00960FAF
.text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegOpenKeyA 771A89C7 5 Bytes JMP 0096000A
.text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegCreateKeyW 771B391E 5 Bytes JMP 00960F94
.text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegCreateKeyExW 771B41F1 5 Bytes JMP 00960F79
.text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegOpenKeyExA 771B7C42 5 Bytes JMP 00960FD4
.text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegOpenKeyW 771BE2B5 5 Bytes JMP 00960FE5
.text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegOpenKeyExW 771C7BA1 5 Bytes JMP 00960025
.text C:\Windows\system32\svchost.exe[2640] WS2_32.dll!socket 75F836D1 5 Bytes JMP 00940FE5
.text C:\Windows\System32\svchost.exe[2716] ntdll.dll!NtCreateFile 775F4224 5 Bytes JMP 00080000
.text C:\Windows\System32\svchost.exe[2716] ntdll.dll!NtCreateProcess 775F42E4 5 Bytes JMP 00080011
.text C:\Windows\System32\svchost.exe[2716] ntdll.dll!NtProtectVirtualMemory 775F4B84 5 Bytes JMP 00080FE5
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetStartupInfoW 762C1929 5 Bytes JMP 00060F66
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetStartupInfoA 762C19C9 5 Bytes JMP 00060F77
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateProcessW 762C1BF3 5 Bytes JMP 000600FD
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateProcessA 762C1C28 5 Bytes JMP 000600E2
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!VirtualProtect 762C1DC3 5 Bytes JMP 00060FA3
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateNamedPipeA 762C2EF5 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateNamedPipeW 762C5C0C 5 Bytes JMP 0006004A
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreatePipe 762E8F06 5 Bytes JMP 00060F88
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryExW 762E927C 5 Bytes JMP 0006007D
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryW 762E9400 5 Bytes JMP 00060FCA
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryExA 762E9554 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!LoadLibraryA 762E957C 5 Bytes JMP 0006005B
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!VirtualProtectEx 762EDC52 5 Bytes JMP 000600A2
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!GetProcAddress 7630925B 5 Bytes JMP 00060F4B
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateFileW 7630B0EB 5 Bytes JMP 00060025
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!CreateFileA 7630D07F 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[2716] kernel32.dll!WinExec 763560CF 5 Bytes JMP 000600D1
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wsystem 75F27F2F 5 Bytes JMP 00050F8D
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!system 75F2804B 5 Bytes JMP 00050FA8
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_creat 75F2BBE1 5 Bytes JMP 00050FCD
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_open 75F2D106 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wcreat 75F2D326 5 Bytes JMP 00050022
.text C:\Windows\System32\svchost.exe[2716] msvcrt.dll!_wopen 75F2D501 5 Bytes JMP 00050FDE
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyExA 771A39AB 5 Bytes JMP 00070044
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyA 771A3BA9 5 Bytes JMP 00070022
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyA 771A89C7 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyW 771B391E 5 Bytes JMP 00070033
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegCreateKeyExW 771B41F1 5 Bytes JMP 0007005F
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyExA 771B7C42 5 Bytes JMP 00070FC0
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyW 771BE2B5 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[2716] ADVAPI32.dll!RegOpenKeyExW 771C7BA1 5 Bytes JMP 00070011
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3136] kernel32.dll!LoadLibraryW 762E9400 5 Bytes JMP 6F8B9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3136] kernel32.dll!LoadLibraryA 762E957C 5 Bytes JMP 6F8B9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[3988] ntdll.dll!NtCreateFile 775F4224 5 Bytes JMP 00050000
.text C:\Windows\Explorer.EXE[3988] ntdll.dll!NtCreateProcess 775F42E4 5 Bytes JMP 0005001B
.text C:\Windows\Explorer.EXE[3988] ntdll.dll!NtProtectVirtualMemory 775F4B84 5 Bytes JMP 00050FEF
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!GetStartupInfoW 762C1929 5 Bytes JMP 000100C6
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!GetStartupInfoA 762C19C9 5 Bytes JMP 000100AB
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!CreateProcessW 762C1BF3 5 Bytes JMP 00010F40
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!CreateProcessA 762C1C28 5 Bytes JMP 00010F51
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!VirtualProtect 762C1DC3 5 Bytes JMP 00010090
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!CreateNamedPipeA 762C2EF5 5 Bytes JMP 00010011
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!CreateNamedPipeW 762C5C0C 5 Bytes JMP 00010022
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!CreatePipe 762E8F06 5 Bytes JMP 00010F80
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!LoadLibraryExW 762E927C 5 Bytes JMP 00010073
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!LoadLibraryW 762E9400 5 Bytes JMP 00010FC0
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!LoadLibraryExA 762E9554 5 Bytes JMP 00010062
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!LoadLibraryA 762E957C 5 Bytes JMP 0001003D
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!VirtualProtectEx 762EDC52 5 Bytes JMP 00010F91
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!GetProcAddress 7630925B 5 Bytes JMP 00010F2F
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!CreateFileW 7630B0EB 5 Bytes JMP 00010000
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!CreateFileA 7630D07F 5 Bytes JMP 00010FE5
.text C:\Windows\Explorer.EXE[3988] kernel32.dll!WinExec 763560CF 5 Bytes JMP 000100D7
.text C:\Windows\Explorer.EXE[3988] ADVAPI32.dll!RegCreateKeyExA 771A39AB 5 Bytes JMP 00060051
.text C:\Windows\Explorer.EXE[3988] ADVAPI32.dll!RegCreateKeyA 771A3BA9 5 Bytes JMP 00060FCA
.text C:\Windows\Explorer.EXE[3988] ADVAPI32.dll!RegOpenKeyA 771A89C7 5 Bytes JMP 00060FE5
.text C:\Windows\Explorer.EXE[3988] ADVAPI32.dll!RegCreateKeyW 771B391E 5 Bytes JMP 00060FB9
.text C:\Windows\Explorer.EXE[3988] ADVAPI32.dll!RegCreateKeyExW 771B41F1 5 Bytes JMP 00060062
.text C:\Windows\Explorer.EXE[3988] ADVAPI32.dll!RegOpenKeyExA 771B7C42 5 Bytes JMP 0006001B
.text C:\Windows\Explorer.EXE[3988] ADVAPI32.dll!RegOpenKeyW 771BE2B5 5 Bytes JMP 00060000
.text C:\Windows\Explorer.EXE[3988] ADVAPI32.dll!RegOpenKeyExW 771C7BA1 5 Bytes JMP 00060036
.text C:\Windows\Explorer.EXE[3988] msvcrt.dll!_wsystem 75F27F2F 5 Bytes JMP 00070FA3
.text C:\Windows\Explorer.EXE[3988] msvcrt.dll!system 75F2804B 5 Bytes JMP 00070FBE
.text C:\Windows\Explorer.EXE[3988] msvcrt.dll!_creat 75F2BBE1 5 Bytes JMP 00070FE3
.text C:\Windows\Explorer.EXE[3988] msvcrt.dll!_open 75F2D106 5 Bytes JMP 00070000
.text C:\Windows\Explorer.EXE[3988] msvcrt.dll!_wcreat 75F2D326 5 Bytes JMP 00070038
.text C:\Windows\Explorer.EXE[3988] msvcrt.dll!_wopen 75F2D501 5 Bytes JMP 0007001D
.text C:\Windows\Explorer.EXE[3988] WININET.dll!InternetOpenA 76194E2B 5 Bytes JMP 00750000
.text C:\Windows\Explorer.EXE[3988] WININET.dll!InternetOpenUrlA 7619BFCE 5 Bytes JMP 00750025
.text C:\Windows\Explorer.EXE[3988] WININET.dll!InternetOpenW 761CC03E 5 Bytes JMP 00750FEF
.text C:\Windows\Explorer.EXE[3988] WININET.dll!InternetOpenUrlW 761FD722 5 Bytes JMP 00750036
.text C:\Windows\Explorer.EXE[3988] WS2_32.dll!socket 75F836D1 5 Bytes JMP 03B70FEF
.text C:\Windows\system32\svchost.exe[5028] ntdll.dll!NtCreateFile 775F4224 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[5028] ntdll.dll!NtCreateProcess 775F42E4 5 Bytes JMP 00040014
.text C:\Windows\system32\svchost.exe[5028] ntdll.dll!NtProtectVirtualMemory 775F4B84 5 Bytes JMP 00040FDE
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!GetStartupInfoW 762C1929 5 Bytes JMP 000100B3
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!GetStartupInfoA 762C19C9 5 Bytes JMP 000100A2
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!CreateProcessW 762C1BF3 5 Bytes JMP 000100E9
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!CreateProcessA 762C1C28 5 Bytes JMP 000100C4
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!VirtualProtect 762C1DC3 5 Bytes JMP 00010F77
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!CreateNamedPipeA 762C2EF5 5 Bytes JMP 00010FCA
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!CreateNamedPipeW 762C5C0C 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!CreatePipe 762E8F06 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!LoadLibraryExW 762E927C 5 Bytes JMP 00010051
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!LoadLibraryW 762E9400 5 Bytes JMP 00010FAF
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!LoadLibraryExA 762E9554 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!LoadLibraryA 762E957C 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!VirtualProtectEx 762EDC52 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!GetProcAddress 7630925B 5 Bytes JMP 00010F37
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!CreateFileW 7630B0EB 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!CreateFileA 7630D07F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[5028] kernel32.dll!WinExec 763560CF 5 Bytes JMP 00010F52
.text C:\Windows\system32\svchost.exe[5028] msvcrt.dll!_wsystem 75F27F2F 5 Bytes JMP 00060F9A
.text C:\Windows\system32\svchost.exe[5028] msvcrt.dll!system 75F2804B 5 Bytes JMP 00060025
.text C:\Windows\system32\svchost.exe[5028] msvcrt.dll!_creat 75F2BBE1 5 Bytes JMP 00060FB5
.text C:\Windows\system32\svchost.exe[5028] msvcrt.dll!_open 75F2D106 5 Bytes JMP 00060FE3
.text C:\Windows\system32\svchost.exe[5028] msvcrt.dll!_wcreat 75F2D326 5 Bytes JMP 0006000A
.text C:\Windows\system32\svchost.exe[5028] msvcrt.dll!_wopen 75F2D501 5 Bytes JMP 00060FD2
.text C:\Windows\system32\svchost.exe[5028] ADVAPI32.dll!RegCreateKeyExA 771A39AB 5 Bytes JMP 00070043
.text C:\Windows\system32\svchost.exe[5028] ADVAPI32.dll!RegCreateKeyA 771A3BA9 5 Bytes JMP 00070FA8
.text C:\Windows\system32\svchost.exe[5028] ADVAPI32.dll!RegOpenKeyA 771A89C7 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[5028] ADVAPI32.dll!RegCreateKeyW 771B391E 5 Bytes JMP 00070F97
.text C:\Windows\system32\svchost.exe[5028] ADVAPI32.dll!RegCreateKeyExW 771B41F1 5 Bytes JMP 00070054
.text C:\Windows\system32\svchost.exe[5028] ADVAPI32.dll!RegOpenKeyExA 771B7C42 5 Bytes JMP 00070014
.text C:\Windows\system32\svchost.exe[5028] ADVAPI32.dll!RegOpenKeyW 771BE2B5 5 Bytes JMP 00070FDE
.text C:\Windows\system32\svchost.exe[5028] ADVAPI32.dll!RegOpenKeyExW 771C7BA1 5 Bytes JMP 00070FC3
.text C:\Windows\system32\svchost.exe[5028] WS2_32.dll!socket 75F836D1 5 Bytes JMP 00080000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\BTHUSB \Device\00000075 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000075 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000077 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000077 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000761c7ac38
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000761c7ac38@000761bfe6a7 0xDD 0x2F 0xF6 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000761c7ac38@000761f44e1f 0x6E 0x42 0xCE 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF9 0xDF 0x7E 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBA 0xEF 0x04 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0xE2 0xFA 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB4 0x6C 0xB9 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000761c7ac38 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000761c7ac38@000761bfe6a7 0xDD 0x2F 0xF6 0x36 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000761c7ac38@000761f44e1f 0x6E 0x42 0xCE 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF9 0xDF 0x7E 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBA 0xEF 0x04 0x36 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0xE2 0xFA 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB4 0x6C 0xB9 0x1C ...
Reg HKLM\SOFTWARE\Classes\CLSID\{057AFF8E-18BB-3F80-364CCC2831522BE6}\{99AD5AFA-2676-F639-545B2C570527D246}\{9515C81F-50C9-6ACD-17AF77618A15A8EB}
Reg HKLM\SOFTWARE\Classes\CLSID\{057AFF8E-18BB-3F80-364CCC2831522BE6}\{99AD5AFA-2676-F639-545B2C570527D246}\{9515C81F-50C9-6ACD-17AF77618A15A8EB}@RA4KGUJC6T6LBNJRIDQ63C2L6C1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}
Reg HKLM\SOFTWARE\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A86B5F7B-57BC-FDE1-4BA107CD048CA334}\{FAA6C91D-89D7-F6D7-A2ABB279A6F1429D}\{4006DA5B-3A8C-C500-035107788F07ACDE}
Reg HKLM\SOFTWARE\Classes\CLSID\{A86B5F7B-57BC-FDE1-4BA107CD048CA334}\{FAA6C91D-89D7-F6D7-A2ABB279A6F1429D}\{4006DA5B-3A8C-C500-035107788F07ACDE}@RA4KGUJC6T6LBNJRIDQ63C2L6C1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}
Reg HKLM\SOFTWARE\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-23 13:08:24
-----------------------------
13:08:24.742 OS Version: Windows 6.0.6002 Service Pack 2
13:08:24.742 Number of processors: 4 586 0x1707
13:08:24.745 ComputerName: COLLINS-PC UserName: Collins
13:08:26.157 Initialize success
13:09:20.246 AVAST engine defs: 11072201
13:09:27.104 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
13:09:27.106 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 6
13:09:27.312 Disk 0 MBR read successfully
13:09:27.314 Disk 0 MBR scan
13:09:27.319 Disk 0 unknown MBR code
13:09:27.401 Disk 0 scanning sectors +976771072
13:09:27.787 Disk 0 scanning C:\Windows\system32\drivers
13:10:51.354 Service scanning
13:10:52.724 Disk 0 trace - called modules:
13:10:52.749 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll storport.sys nvstor32.sys
13:10:52.752 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87f9d538]
13:10:52.754 3 CLASSPNP.SYS[807cb8b3] -> nt!IofCallDriver -> [0x8798e8f0]
13:10:52.756 5 PCTCore.sys[812fb099] -> nt!IofCallDriver -> [0x86f82f08]
13:10:53.084 7 acpi.sys[806c46bc] -> nt!IofCallDriver -> \Device\0000005f[0x86f807f0]
13:10:54.191 AVAST engine scan C:\Windows
13:13:18.856 AVAST engine scan C:\Windows\system32
13:23:42.928 AVAST engine scan C:\Windows\system32\drivers
13:23:56.410 AVAST engine scan C:\Users\Collins
13:51:19.522 AVAST engine scan C:\ProgramData
14:01:10.848 Scan finished successfully
14:21:56.189 Disk 0 MBR has been saved successfully to "C:\Users\Collins\Desktop\Logs for Forum\MBR.dat"
14:21:56.196 The log file has been saved successfully to "C:\Users\Collins\Desktop\Logs for Forum\aswMBR.txt"

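The GMER user-mode hook listing above is the part of these logs worth a second look. Every `.text ... 5 Bytes JMP` line is an inline hook on an exported API inside one process, and GMER appends a module path and vendor string only when it can attribute the JMP target to a loaded image, as it does for the two McAfee hooks in McSvHost.exe (mcproxy.dll). The svchost.exe and Explorer.EXE hooks carry no such suffix: their targets sit in memory with no backing image, which is the usual footprint of injected code. The following parser is an added example, not part of the original post and not GMER's own code; it groups hook lines by process, separates backed targets from unbacked ones, and lists which API families the unbacked hooks cover. The capability grouping is this example's own, and the sample lines are copied verbatim from the log above.

```python
"""Triage of GMER user-mode ".text" hook lines (added example, not GMER code).

A line without a trailing module path is a JMP into memory GMER could not
attribute to any loaded image; such hooks are what this script surfaces.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<backing>[A-Za-z]:\\\S.*?)\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Export-name prefixes grouped by what a hook on them lets injected code see
# or control. This grouping is the example's own, chosen to cover the log.
CAPABILITY_PREFIXES = {
    "file": ("NtCreateFile", "CreateFile", "_open", "_wopen", "_creat", "_wcreat"),
    "process": ("NtCreateProcess", "CreateProcess", "WinExec", "system", "_wsystem"),
    "library": ("LoadLibrary", "GetProcAddress"),
    "registry": ("RegCreateKey", "RegOpenKey"),
    "network": ("socket", "InternetOpen"),
    "memory": ("VirtualProtect", "NtProtectVirtualMemory"),
    "ipc": ("CreatePipe", "CreateNamedPipe"),
    "startup": ("GetStartupInfo",),
}


def capability_of(export):
    """Map an export name to a capability family, or "other" if unlisted."""
    for family, prefixes in CAPABILITY_PREFIXES.items():
        if export.startswith(prefixes):
            return family
    return "other"


def parse_hooks(text):
    """Parse every hook line in `text`; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        h["backed"] = h["backing"] is not None
        # In the log above each hooked DLL's stubs sit in one 64 KiB region,
        # so the high 16 bits of the target identify the injected allocation.
        h["region"] = int(h["target"], 16) >> 16
        h["family"] = capability_of(h["export"])
        hooks.append(h)
    return hooks


def triage(hooks):
    """Group hooks by PID, splitting backed targets from unbacked ones."""
    procs = defaultdict(lambda: {"image": None, "backed": {}, "unbacked": [],
                                 "regions": set(), "families": set()})
    for h in hooks:
        p = procs[h["pid"]]
        p["image"] = h["image"]
        name = f'{h["module"]}!{h["export"]}'
        if h["backed"]:
            p["backed"].setdefault(h["backing"], []).append(name)
        else:
            p["unbacked"].append(name)
            p["regions"].add(h["region"])
            p["families"].add(h["family"])
    return dict(procs)


def suspicious_pids(hooks):
    """PIDs with at least one hook whose JMP target GMER could not attribute."""
    return sorted(pid for pid, p in triage(hooks).items() if p["unbacked"])


# Sample input: lines copied verbatim from the GMER log above.
SAMPLE = r"""
.text C:\Windows\system32\svchost.exe[2168] ntdll.dll!NtCreateFile 775F4224 5 Bytes JMP 000A0FE5
.text C:\Windows\system32\svchost.exe[2168] kernel32.dll!CreateProcessA 762C1C28 5 Bytes JMP 00080F26
.text C:\Windows\system32\svchost.exe[2168] WS2_32.dll!socket 75F836D1 5 Bytes JMP 0014000A
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3136] kernel32.dll!LoadLibraryW 762E9400 5 Bytes JMP 6F8B9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[3988] WININET.dll!InternetOpenA 76194E2B 5 Bytes JMP 00750000
"""

if __name__ == "__main__":
    for pid, p in sorted(triage(parse_hooks(SAMPLE)).items()):
        print(f"[{pid}] {p['image']}: {len(p['unbacked'])} unbacked hook(s), "
              f"regions {sorted(hex(r) for r in p['regions'])}, "
              f"families {sorted(p['families'])}, backed by {list(p['backed'])}")
```

Run against the full listing, the script reports every svchost.exe instance and Explorer.EXE as carrying unbacked hooks over file, process, library, registry and socket APIs, while McSvHost.exe's two hooks resolve to mcproxy.dll and drop out of the suspicious set. An unbacked hook is a strong lead rather than a verdict on its own; the next step is to dump the target region from one of the flagged processes and identify what was injected.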
#3 pangea (Topic Starter, Members, 6 posts)

Posted 23 July 2011 - 05:19 PM

2011/07/23 12:39:46.0217 4100 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 12:39:47.0175 4100 ================================================================================
2011/07/23 12:39:47.0175 4100 SystemInfo:
2011/07/23 12:39:47.0175 4100
2011/07/23 12:39:47.0175 4100 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/23 12:39:47.0175 4100 Product type: Workstation
2011/07/23 12:39:47.0175 4100 ComputerName: COLLINS-PC
2011/07/23 12:39:47.0175 4100 UserName: Collins
2011/07/23 12:39:47.0175 4100 Windows directory: C:\Windows
2011/07/23 12:39:47.0175 4100 System windows directory: C:\Windows
2011/07/23 12:39:47.0175 4100 Processor architecture: Intel x86
2011/07/23 12:39:47.0175 4100 Number of processors: 4
2011/07/23 12:39:47.0175 4100 Page size: 0x1000
2011/07/23 12:39:47.0175 4100 Boot type: Normal boot
2011/07/23 12:39:47.0175 4100 ================================================================================
2011/07/23 12:39:47.0575 4100 Initialize success
2011/07/23 12:39:49.0870 4932 ================================================================================
2011/07/23 12:39:49.0870 4932 Scan started
2011/07/23 12:39:49.0870 4932 Mode: Manual;
2011/07/23 12:39:49.0870 4932 ================================================================================
2011/07/23 12:39:50.0174 4932 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/23 12:39:50.0212 4932 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/23 12:39:50.0238 4932 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/23 12:39:50.0254 4932 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/23 12:39:50.0278 4932 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/23 12:39:50.0351 4932 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/23 12:39:50.0392 4932 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/23 12:39:50.0409 4932 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/23 12:39:50.0426 4932 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/23 12:39:50.0444 4932 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/23 12:39:50.0464 4932 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/23 12:39:50.0481 4932 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/23 12:39:50.0501 4932 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/07/23 12:39:50.0576 4932 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/23 12:39:50.0611 4932 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/23 12:39:50.0707 4932 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/23 12:39:50.0740 4932 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/23 12:39:50.0816 4932 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\Windows\system32\DRIVERS\avgarkt.sys
2011/07/23 12:39:50.0829 4932 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\Windows\system32\DRIVERS\AvgArCln.sys
2011/07/23 12:39:50.0860 4932 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/23 12:39:50.0910 4932 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/23 12:39:50.0989 4932 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/23 12:39:51.0027 4932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/23 12:39:51.0048 4932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/23 12:39:51.0069 4932 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/23 12:39:51.0089 4932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/23 12:39:51.0111 4932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/23 12:39:51.0128 4932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/23 12:39:51.0178 4932 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/23 12:39:51.0196 4932 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/23 12:39:51.0233 4932 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/23 12:39:51.0298 4932 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/07/23 12:39:51.0325 4932 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/23 12:39:51.0383 4932 btusbflt (2e49b8a0fe18a66f5fcf3fb2c221d7d7) C:\Windows\system32\drivers\btusbflt.sys
2011/07/23 12:39:51.0423 4932 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/23 12:39:51.0462 4932 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/23 12:39:51.0524 4932 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
2011/07/23 12:39:51.0547 4932 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/07/23 12:39:51.0589 4932 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/23 12:39:51.0636 4932 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/23 12:39:51.0660 4932 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/07/23 12:39:51.0770 4932 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/23 12:39:51.0792 4932 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/23 12:39:51.0853 4932 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/07/23 12:39:51.0924 4932 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/23 12:39:52.0007 4932 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/23 12:39:52.0073 4932 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/23 12:39:52.0127 4932 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/23 12:39:52.0157 4932 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/07/23 12:39:52.0176 4932 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/23 12:39:52.0246 4932 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/23 12:39:52.0287 4932 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/23 12:39:52.0368 4932 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
2011/07/23 12:39:52.0392 4932 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/23 12:39:52.0438 4932 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/23 12:39:52.0464 4932 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/23 12:39:52.0485 4932 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/23 12:39:52.0528 4932 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/23 12:39:52.0546 4932 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/23 12:39:52.0590 4932 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/23 12:39:52.0639 4932 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/23 12:39:52.0692 4932 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/23 12:39:52.0709 4932 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/23 12:39:52.0722 4932 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/07/23 12:39:52.0860 4932 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/23 12:39:52.0910 4932 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/23 12:39:52.0934 4932 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/23 12:39:52.0958 4932 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/23 12:39:53.0010 4932 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/23 12:39:53.0034 4932 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/23 12:39:53.0080 4932 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/23 12:39:53.0105 4932 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/23 12:39:53.0148 4932 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/23 12:39:53.0171 4932 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/23 12:39:53.0197 4932 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/23 12:39:53.0309 4932 IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/23 12:39:53.0335 4932 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/23 12:39:53.0353 4932 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/23 12:39:53.0401 4932 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/23 12:39:53.0442 4932 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/23 12:39:53.0477 4932 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/23 12:39:53.0522 4932 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/23 12:39:53.0551 4932 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/23 12:39:53.0591 4932 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/23 12:39:53.0609 4932 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/23 12:39:53.0643 4932 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/23 12:39:53.0674 4932 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/23 12:39:53.0706 4932 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/23 12:39:53.0754 4932 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/23 12:39:53.0860 4932 LHidFilt (ea57f9a93042d53256db4e2222b93b37) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/07/23 12:39:53.0913 4932 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/23 12:39:53.0970 4932 LMouFilt (8bd61e1f686d352b318b025524542128) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/07/23 12:39:53.0992 4932 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/23 12:39:54.0013 4932 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/23 12:39:54.0034 4932 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/23 12:39:54.0058 4932 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/23 12:39:54.0114 4932 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/07/23 12:39:54.0226 4932 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/23 12:39:54.0277 4932 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/23 12:39:54.0337 4932 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
2011/07/23 12:39:54.0425 4932 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
2011/07/23 12:39:54.0518 4932 mfebopk (a528b15e330edb83ea649be318d841d5) C:\Windows\system32\drivers\mfebopk.sys
2011/07/23 12:39:54.0579 4932 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\Windows\system32\drivers\mfefirek.sys
2011/07/23 12:39:54.0622 4932 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\Windows\system32\drivers\mfehidk.sys
2011/07/23 12:39:54.0660 4932 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/07/23 12:39:54.0701 4932 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\Windows\system32\drivers\mferkdet.sys
2011/07/23 12:39:54.0815 4932 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\Windows\system32\drivers\mfewfpk.sys
2011/07/23 12:39:54.0874 4932 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/23 12:39:54.0925 4932 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/23 12:39:54.0942 4932 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/23 12:39:54.0966 4932 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/23 12:39:54.0987 4932 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/23 12:39:55.0026 4932 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/23 12:39:55.0051 4932 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/23 12:39:55.0087 4932 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/23 12:39:55.0121 4932 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/23 12:39:55.0167 4932 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/23 12:39:55.0295 4932 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/23 12:39:55.0317 4932 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/23 12:39:55.0336 4932 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/07/23 12:39:55.0359 4932 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/23 12:39:55.0387 4932 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/23 12:39:55.0409 4932 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/23 12:39:55.0441 4932 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/23 12:39:55.0458 4932 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/23 12:39:55.0500 4932 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/23 12:39:55.0546 4932 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/23 12:39:55.0566 4932 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/23 12:39:55.0586 4932 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/23 12:39:55.0598 4932 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/23 12:39:55.0649 4932 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/23 12:39:55.0712 4932 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/23 12:39:55.0734 4932 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/23 12:39:55.0753 4932 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/23 12:39:55.0795 4932 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/23 12:39:55.0816 4932 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/23 12:39:55.0835 4932 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/23 12:39:55.0875 4932 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/23 12:39:55.0911 4932 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/23 12:39:55.0929 4932 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/23 12:39:55.0944 4932 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/23 12:39:56.0003 4932 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/23 12:39:56.0030 4932 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/23 12:39:56.0072 4932 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/23 12:39:56.0124 4932 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/07/23 12:39:56.0330 4932 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/23 12:39:56.0401 4932 NVR0Dev (705483155b936815eaaa3f787ab9371c) C:\Windows\nvoclock.sys
2011/07/23 12:39:56.0424 4932 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/23 12:39:56.0448 4932 nvrd32 (049e81b6fb41c73619ed3fe4df7d8638) C:\Windows\system32\drivers\nvrd32.sys
2011/07/23 12:39:56.0468 4932 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/23 12:39:56.0482 4932 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\drivers\nvstor32.sys
2011/07/23 12:39:56.0525 4932 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/23 12:39:56.0613 4932 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/23 12:39:56.0667 4932 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/23 12:39:56.0688 4932 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/23 12:39:56.0709 4932 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/23 12:39:56.0822 4932 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/23 12:39:56.0841 4932 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/23 12:39:56.0858 4932 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/23 12:39:56.0913 4932 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\Windows\system32\drivers\PCTCore.sys
2011/07/23 12:39:56.0951 4932 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/07/23 12:39:56.0981 4932 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
2011/07/23 12:39:57.0030 4932 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/23 12:39:57.0127 4932 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/23 12:39:57.0147 4932 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/23 12:39:57.0189 4932 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/23 12:39:57.0242 4932 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/23 12:39:57.0301 4932 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/23 12:39:57.0328 4932 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/23 12:39:57.0349 4932 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/23 12:39:57.0434 4932 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/23 12:39:57.0455 4932 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/23 12:39:57.0484 4932 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/23 12:39:57.0515 4932 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/23 12:39:57.0540 4932 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/23 12:39:57.0580 4932 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/23 12:39:57.0597 4932 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/23 12:39:57.0626 4932 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/23 12:39:57.0641 4932 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/23 12:39:57.0669 4932 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/23 12:39:57.0720 4932 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/23 12:39:57.0744 4932 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/23 12:39:57.0767 4932 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/23 12:39:57.0802 4932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/23 12:39:57.0824 4932 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/23 12:39:57.0841 4932 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/23 12:39:57.0857 4932 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/23 12:39:57.0885 4932 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/23 12:39:57.0903 4932 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/23 12:39:57.0918 4932 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/23 12:39:57.0934 4932 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/23 12:39:57.0961 4932 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/23 12:39:57.0988 4932 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/23 12:39:58.0006 4932 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/23 12:39:58.0031 4932 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/23 12:39:58.0057 4932 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/23 12:39:58.0143 4932 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/07/23 12:39:58.0184 4932 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/23 12:39:58.0212 4932 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/23 12:39:58.0242 4932 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/23 12:39:58.0316 4932 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/23 12:39:58.0338 4932 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/23 12:39:58.0358 4932 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/23 12:39:58.0375 4932 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/23 12:39:58.0436 4932 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/23 12:39:58.0469 4932 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/23 12:39:58.0508 4932 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/23 12:39:58.0529 4932 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/23 12:39:58.0546 4932 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/23 12:39:58.0586 4932 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/23 12:39:58.0627 4932 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/23 12:39:58.0664 4932 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/23 12:39:58.0680 4932 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/23 12:39:58.0713 4932 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/23 12:39:58.0731 4932 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/23 12:39:58.0769 4932 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/23 12:39:58.0800 4932 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/23 12:39:58.0821 4932 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/23 12:39:58.0835 4932 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/23 12:39:58.0853 4932 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/23 12:39:58.0874 4932 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/23 12:39:58.0922 4932 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/23 12:39:58.0938 4932 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/23 12:39:58.0959 4932 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/23 12:39:59.0007 4932 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/23 12:39:59.0042 4932 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/23 12:39:59.0090 4932 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/23 12:39:59.0124 4932 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/23 12:39:59.0175 4932 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/23 12:39:59.0194 4932 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/23 12:39:59.0218 4932 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/23 12:39:59.0268 4932 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/23 12:39:59.0291 4932 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/23 12:39:59.0323 4932 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/23 12:39:59.0343 4932 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/23 12:39:59.0360 4932 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/23 12:39:59.0380 4932 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/23 12:39:59.0422 4932 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/23 12:39:59.0445 4932 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/23 12:39:59.0496 4932 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/23 12:39:59.0531 4932 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/23 12:39:59.0554 4932 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/23 12:39:59.0581 4932 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/23 12:39:59.0611 4932 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/23 12:39:59.0645 4932 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/23 12:39:59.0736 4932 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/23 12:39:59.0802 4932 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/23 12:39:59.0826 4932 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/23 12:39:59.0885 4932 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/07/23 12:39:59.0940 4932 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
2011/07/23 12:40:00.0010 4932 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/23 12:40:00.0045 4932 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/23 12:40:00.0077 4932 Boot (0x1200) (945531e5b2f88606008adfae87ce6dfd) \Device\Harddisk0\DR0\Partition0
2011/07/23 12:40:00.0083 4932 Boot (0x1200) (08bc1bb0a15b40f42bfcc0dc01304a2a) \Device\Harddisk0\DR0\Partition1
2011/07/23 12:40:00.0089 4932 ================================================================================
2011/07/23 12:40:00.0089 4932 Scan finished
2011/07/23 12:40:00.0089 4932 ================================================================================
2011/07/23 12:40:00.0097 5064 Detected object count: 0
2011/07/23 12:40:00.0097 5064 Actual detected object count: 0

#4 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:48 AM

Posted 02 August 2011 - 10:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/410782 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,696 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:48 AM

Posted 07 August 2011 - 10:25 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
