
Unexplained system lockups and more, I think I'm infected


10 replies to this topic

#1 Arclight


Posted 12 August 2011 - 05:40 PM

So the trouble started about a week ago. I came home from work and pressed a key to bring the screen back on (I have the screen set to shut off when I'm not using it) and the screen didn't come back on, so I went from there and pressed a couple more keys, tried using the touchpad, and nothing. I figured that it had frozen, so after a minute or two of trying to get it to come on I ended up turning it off by holding down the power key.

I turned it back on after waiting for the laptop to cool down (it was pretty warm, which isn't really unusual when I leave it on) and logged back in. This is where my problems began.

The first thing I noticed besides the normal startup was a popup saying that 'Apoint.exe failed to load launcher' and now my touchpad won't let me scroll up and down or left and right on pages. Great, but still nothing too horrible. I went online and downloaded a new update for the Dell touchpad (I have a Vostro A860 by the way, running Vista 32-bit) and restarted and no such luck, it's still broken.

On top of all of that my computer started running hotter over the past few days and has had a nasty habit of locking up when the screen is off but the computer is left on for a sizable amount of time. Most of the time I have a couple of programs running on it, usually Google Chrome and iTunes, so I'm not sure if it's just me using up too many resources or not.

I've run antivirus (I have McAfee) and it came up empty. I've also run Malwarebytes as well and I recall it finding 4 objects, but I don't remember offhand what it said they were. Even after removing them, however, the problem still persists.

Anyway any help would be appreciated, I'm pretty desperate to get my laptop working again, it's the only computer that I have for schoolwork as well as play. If there is any more information you need to help just let me know and I'd be glad to oblige.



#2 Arclight


Posted 17 August 2011 - 09:30 AM

Well I've got a little bit more information, my computer locked up again last night and I got this Problem Report:

Shut Down Unexpectedly Status: Not reported.

Problem signature
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1033

Files that help describe the problem (some files may no longer be available)
Mini081111-01.dmp
sysdata.xml
Version.txt

View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Extra information about the problem
BCCode: 19
BCP1: 00000022
BCP2: 00000000
BCP3: 00000000
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1


I hope this'll help figure out what is going on, I'm afraid to leave my laptop on for even a couple of minutes unattended anymore. Appreciate any help you can give!

#3 Broni


Posted 17 August 2011 - 11:51 PM

Welcome aboard

Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

========================================================

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


 


#4 Arclight


Posted 19 August 2011 - 08:42 AM

Alright just finished all the scans so here is the super long post with all of the log files, I labelled them, hope this helps! Oh and I appreciate the response!



Here is the BSOD.txt log

==================================================
Dump File : Mini081211-01.dmp
Crash Time : 8/12/2011 6:47:45 AM
Bug Check String : PNP_DETECTED_FATAL_ERROR
Bug Check Code : 0x000000ca
Parameter 1 : 0x00000001
Parameter 2 : 0x879d4238
Parameter 3 : 0x87137a50
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cdb3f
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18484 (vistasp2_gdr.110617-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+168f16
Stack Address 2 : ntkrnlpa.exe+161a03
Stack Address 3 : ntkrnlpa.exe+169f2f
Computer Name :
Full Path : C:\Windows\Minidump\Mini081211-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,160
==================================================

==================================================
Dump File : Mini081111-01.dmp
Crash Time : 8/11/2011 7:11:45 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000022
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+726c
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cdb3f
Stack Address 1 : ntkrnlpa.exe+b5c7c
Stack Address 2 : ntkrnlpa.exe+ed14a
Stack Address 3 : WinFLdrv.sys+183a
Computer Name :
Full Path : C:\Windows\Minidump\Mini081111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,160
==================================================

==================================================
Dump File : Mini073011-01.dmp
Crash Time : 7/30/2011 7:57:51 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x004800c7
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8220cfe9
Caused By Driver : hal.dll
Caused By Address : hal.dll+3fe9
File Description : Hardware Abstraction Layer DLL
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18005 (lh_sp2rtm.090410-1830)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : hal.dll+3fe9
Stack Address 2 : fltmgr.sys+21fb
Stack Address 3 : fltmgr.sys+20b67
Computer Name :
Full Path : C:\Windows\Minidump\Mini073011-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 139,160
==================================================

==================================================
Dump File : Mini072609-01.dmp
Crash Time : 7/25/2009 11:45:08 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000004
Parameter 2 : 0x00000258
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+6a679
File Description : TCP/IP Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18484 (vistasp2_gdr.110617-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd333
Stack Address 1 : ntkrnlpa.exe+2da3b7
Stack Address 2 : ntkrnlpa.exe+b6ca0
Stack Address 3 : ntkrnlpa.exe+b68d6
Computer Name :
Full Path : C:\Windows\Minidump\Mini072609-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
Dump File Size : 139,112
==================================================



Here is the security check Checkup.txt log:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Total Protection
McAfee Security Scan Plus
McAfee Online Backup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java 2 Runtime Environment, SE v1.4.2_02
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
McAfee Online Backup MOBKbackup.exe
``````````End of Log````````````



Here is the MiniToolBox result.txt log:

MiniToolBox by Farbar
Ran by Student (administrator) on 18-08-2011 at 07:36:33
Windows Vista ™ Home Basic Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Student-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-24-7E-86-B9-E1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-17-C4-95-B3-BE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-22-19-FB-4B-D0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5b0:2460:3f5c:3449%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 17, 2011 2:33:59 PM
Lease Expires . . . . . . . . . . : Thursday, August 25, 2011 7:01:57 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 251666969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-FD-62-34-00-22-19-FB-4B-D0
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3853:1c6f:3f57:ff9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::3853:1c6f:3f57:ff9a%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F4BA8194-D61E-4E82-B3DD-18996812EC4F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E8400BB9-7986-42FA-BC17-750BC72A715D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.73.106
74.125.73.99
74.125.73.103
74.125.73.105
74.125.73.104
74.125.73.147



Pinging google.com [74.125.73.99] with 32 bytes of data:

Reply from 74.125.73.99: bytes=32 time=106ms TTL=52

Reply from 74.125.73.99: bytes=32 time=79ms TTL=52



Ping statistics for 74.125.73.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 79ms, Maximum = 106ms, Average = 92ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=81ms TTL=55

Reply from 209.191.122.70: bytes=32 time=80ms TTL=55



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 80ms, Maximum = 81ms, Average = 80ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
16 ...00 24 7e 86 b9 e1 ...... Bluetooth Device (Personal Area Network)
12 ...00 17 c4 95 b3 be ...... Atheros AR5007EG Wireless Network Adapter
11 ...00 22 19 fb 4b d0 ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
18 ...00 00 00 00 00 00 00 e0 isatap.{F4BA8194-D61E-4E82-B3DD-18996812EC4F}
17 ...00 00 00 00 00 00 00 e0 isatap.{E8400BB9-7986-42FA-BC17-750BC72A715D}
19 ...00 00 00 00 00 00 00 e0 isatap.home
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.101 276
192.168.0.101 255.255.255.255 On-link 192.168.0.101 276
192.168.0.255 255.255.255.255 On-link 192.168.0.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:3853:1c6f:3f57:ff9a/128
On-link
11 276 fe80::/64 On-link
10 266 fe80::/64 On-link
11 276 fe80::5b0:2460:3f5c:3449/128
On-link
10 266 fe80::3853:1c6f:3f57:ff9a/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/18/2011 07:30:31 AM) (Source: Application Hang) (User: )
Description: The program BlueScreenView.exe version 1.3.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 8bc
Start Time: 01cc5db31849baa0
Termination Time: 5

Error: (08/17/2011 03:22:42 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3796 (0xed4)

Thread address : 0x77175CA4

Thread message :

Build VSCORE.14.4.0.333 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\PROGRA~1\McAfee\MSC\mcinfo.exe
by C:\Windows\system32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/17/2011 02:35:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2011 02:34:53 PM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e02459, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01d37544,
process id 0xcb8, application start time 0xSearchIndexer.exe0.

Error: (08/17/2011 02:34:39 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
The content index metadata cannot be read. 0xc0041801 (0xc0041801)

Error: (08/17/2011 02:34:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {757ad9c5-ca55-48f7-b8cd-44163989df5f}

Error: (08/17/2011 00:21:56 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
Insufficient system resources exist to complete the requested service. (0x800705aa)

Error: (08/17/2011 00:14:26 PM) (Source: Windows Search Service) (User: )
Description: The transaction cannot be updated in the queue. File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2681.gthr.

Context: Application, SystemIndex Catalog

Details:
Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk. (0x8007054e)

Error: (08/17/2011 00:11:56 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
Insufficient system resources exist to complete the requested service. (0x800705aa)

Error: (08/17/2011 07:09:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/18/2011 07:01:57 AM) (Source: Service Control Manager) (User: )
Description: 30000McAfee SiteAdvisor Service

Error: (08/17/2011 03:23:43 PM) (Source: Service Control Manager) (User: )
Description: McAfee McShield150001Restart the service

Error: (08/17/2011 02:35:34 PM) (Source: Service Control Manager) (User: )
Description: Windows Search1300001Restart the service

Error: (08/17/2011 02:35:34 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (08/17/2011 02:35:32 PM) (Source: DCOM) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/17/2011 02:34:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: SYSTEM)
Description: C:\Windows\system32\athihvs.dll126

Error: (08/17/2011 02:33:57 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:19:32 PM on 8/17/2011 was unexpected.

Error: (08/17/2011 00:58:15 PM) (Source: Service Control Manager) (User: )
Description: Akamai NetSession Interface110001Restart the service

Error: (08/17/2011 07:09:29 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (08/17/2011 07:08:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: SYSTEM)
Description: C:\Windows\system32\athihvs.dll126


Microsoft Office Sessions:
=========================
Error: (08/18/2011 07:30:31 AM) (Source: Application Hang)(User: )
Description: BlueScreenView.exe1.3.5.08bc01cc5db31849baa05

Error: (08/17/2011 03:22:42 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003796 (0xed4)0x77175CA4
Build VSCORE.14.4.0.333 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\PROGRA~1\McAfee\MSC\mcinfo.exe
by C:\Windows\system32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (08/17/2011 02:35:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2011 02:34:53 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.6002.1800549e02459unknown0.0.0.000000000c000000501d37544cb801cc5d256aa22354

Error: (08/17/2011 02:34:39 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index metadata cannot be read. 0xc0041801 (0xc0041801)

Error: (08/17/2011 02:34:39 PM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {757ad9c5-ca55-48f7-b8cd-44163989df5f}

Error: (08/17/2011 00:21:56 PM) (Source: Windows Search Service)(User: )
Description: Details:
Insufficient system resources exist to complete the requested service. (0x800705aa)

Error: (08/17/2011 00:14:26 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk. (0x8007054e)
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy2681.gthr

Error: (08/17/2011 00:11:56 PM) (Source: Windows Search Service)(User: )
Description: Details:
Insufficient system resources exist to complete the requested service. (0x800705aa)

Error: (08/17/2011 07:09:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

(Version: 6.9.1)
4Musics FLAC to MP3 Converter 4.0
AbiWord 2.6.8 (Version: 2.6.8)
AC3File 0.6b (Version: 0.6b)
AC3Filter 1.63b (Version: 1.63b)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.2.159.1)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Akamai NetSession Interface
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Bluetooth Stack for Windows by Toshiba (Version: v6.01.05(D))
Bonjour (Version: 3.0.0.2)
Combined Community Codec Pack 2009-09-09 (Version: 2009.09.09.0)
Comical 0.8
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HD Audio (Version: 4.57.0.50)
DAEMON Tools Lite (Version: 4.40.2.0131)
DAEMON Tools Toolbar (Version: 1.1.7.0190)
Dell Touchpad (Version: 7.1.104.2)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.5.0.15)
DivX Version Checker (Version: 7.1.0.9)
DVD-Cloner V8.00 Build 1001 (Version: 8.00.0.1001)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
EA Download Manager (Version: 8.0.3.427)
EA Installer (Version: 2.2.0.62)
EA Shared Game Component: Activation (Version: 2.2.0)
EA Shared Game Component: Activation (Version: 2.2.0.62)
Fallout Collection
Free FLAC to MP3 Converter 1.0
Google Earth (Version: 6.0.3.2197)
Google SketchUp 7 (Version: 2.1.6860)
Google Update Helper (Version: 1.3.21.65)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.74.00.50)
HP Deskjet 2050 J510 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 2050 J510 series Help (Version: 140.0.61.61)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
iTunes (Version: 10.4.0.80)
Java 2 Runtime Environment, SE v1.4.2_02 (Version: 1.4.2_02)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
K-Lite Mega Codec Pack 5.7.0 (Version: 5.7.0)
LabSim (Version: 2.0.24)
Learning Essentials for Microsoft Office (Version: 2.0)
LucasArts' Star Wars Rebellion
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Mass Effect 2 (Version: 1.2.1604.0)
McAfee Online Backup
McAfee Online Backup (Version: 1.16.4.0)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee Total Protection (Version: 11.0.572)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE (Version: 3.4.54.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.4.18.0)
Microsoft Math (Version: 2007)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft Student 2007 for Learning Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 4.0.1 (x86 en-US) (Version: 4.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA PhysX (Version: 9.10.0222)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Power MP3 Recorder Cutter v5.2.0.0 (Version: 5.2.0.0)
PowerDVD (Version: 8.0)
QuickTime (Version: 7.70.80.34)
RapeLay (Version: 1.03)
Rosetta Stone Version 3 (Version: 3.4.5.0)
SiSoftware Sandra Lite 2009.SP3c (Version: 15.99.2009.5)
SmartSound Quicktracks Plugin (Version: 3.0.8.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Steam (Version: 1.0.0.0)
SWF Opener (Version: 1.3)
System Requirements Lab (Version: 4.1.13.0)
System Requirements Lab (Version: 4.1.72.0)
System Requirements Lab for Intel (Version: 4.4.24.0)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Vuze (Version: 4.6)
Winamp (Version: 5.601 )
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WinRAR archiver
Xvid 1.2.2 final uninstall (Version: 1.2)
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 2037.64 MB
Available physical RAM: 728.77 MB
Total Pagefile: 6652.23 MB
Available Pagefile: 4651.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.12 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:15.47 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:1.63 GB) NTFS

========================= Users: ========================================

User accounts for \\STUDENT-PC

Administrator Guest Student


**** End of log ****

Here is the rest, didn't fit in one post:

Here is the Malwarebytes' Log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7487

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/18/2011 7:49:15 AM
mbam-log-2011-08-18 (07-49-15).txt

Scan type: Quick scan
Objects scanned: 167681
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And finally here is the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-19 06:28:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-75ZCT2 rev.11.01A11
Running: 6n0xc1le.exe; Driver: C:\Users\Student\AppData\Local\Temp\uxrirfob.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 84049ED8
INT 0x51 ? 84049ED8
INT 0x51 ? 84049ED8
INT 0x72 ? 85E0CBF8
INT 0x82 ? 85E0CBF8
INT 0x82 ? 85E0CBF8
INT 0x82 ? 85E0CBF8
INT 0x92 ? 85E0CBF8
INT 0x92 ? 85E0CBF8
INT 0x92 ? 85E0CBF8
INT 0x92 ? 85E0CBF8

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x87D7ED48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x87D7ED72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x87D7ED5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x87D7ED34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82249982 5 Bytes JMP 87D7ED38 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 8240F143 5 Bytes JMP 87D7ED76 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8242E89A 7 Bytes JMP 87D7ED4C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8242EB5D 5 Bytes JMP 87D7ED62 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\spfb.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 87DE741B 5 Bytes JMP 85E0C1D8

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 004B0FD4
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 004B0FEF
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 004B00BF
.text C:\Windows\System32\svchost.exe[1144] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 004D0F95
.text C:\Windows\System32\svchost.exe[1144] msvcrt.dll!system 75BD804B 5 Bytes JMP 004D0FA6
.text C:\Windows\System32\svchost.exe[1144] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 004D0FC1
.text C:\Windows\System32\svchost.exe[1144] msvcrt.dll!_open 75BDD106 5 Bytes JMP 004D0FEF
.text C:\Windows\System32\svchost.exe[1144] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 004D0016
.text C:\Windows\System32\svchost.exe[1144] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 004D0FD2
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 005D0047
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 005D0FA5
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 005D0FEF
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 005D0036
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 005D0F8A
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 005D001B
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 005D000A
.text C:\Windows\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 005D0FCA
.text C:\Windows\System32\svchost.exe[1144] WS2_32.dll!socket 760036D1 5 Bytes JMP 004E0000
.text C:\Windows\system32\svchost.exe[1188] ntdll.dll!NtCreateFile 77404224 5 Bytes JMP 01360FEF
.text C:\Windows\system32\svchost.exe[1188] ntdll.dll!NtCreateProcess 774042E4 5 Bytes JMP 01360FD4
.text C:\Windows\system32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 77404B84 5 Bytes JMP 0136000A
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!GetStartupInfoW 76151929 5 Bytes JMP 013500AE
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!GetStartupInfoA 761519C9 5 Bytes JMP 01350F68
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 013500DD
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 01350F46
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!VirtualProtect 76151DC3 5 Bytes JMP 01350089
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!CreateNamedPipeA 76152EF5 5 Bytes JMP 01350FD4
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!CreateNamedPipeW 76155C0C 5 Bytes JMP 01350025
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!CreatePipe 76178F06 5 Bytes JMP 01350F79
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 7617927C 5 Bytes JMP 0135006C
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 01350051
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExA 76179554 5 Bytes JMP 01350FAF
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 01350040
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!VirtualProtectEx 7617DC52 5 Bytes JMP 01350F94
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!GetProcAddress 7619925B 5 Bytes JMP 01350F2B
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 0135000A
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 01350FEF
.text C:\Windows\system32\svchost.exe[1188] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 01350F57
.text C:\Windows\system32\svchost.exe[1188] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 013B0038
.text C:\Windows\system32\svchost.exe[1188] msvcrt.dll!system 75BD804B 5 Bytes JMP 013B0FAD
.text C:\Windows\system32\svchost.exe[1188] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 013B0FE3
.text C:\Windows\system32\svchost.exe[1188] msvcrt.dll!_open 75BDD106 5 Bytes JMP 013B0000
.text C:\Windows\system32\svchost.exe[1188] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 013B0FC8
.text C:\Windows\system32\svchost.exe[1188] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 013B001D
.text C:\Windows\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 0141004A
.text C:\Windows\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 0141002F
.text C:\Windows\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 01410FEF
.text C:\Windows\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 01410FA8
.text C:\Windows\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 01410F97
.text C:\Windows\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 01410FD4
.text C:\Windows\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 0141000A
.text C:\Windows\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 01410FC3
.text C:\Windows\system32\svchost.exe[1188] WS2_32.dll!socket 760036D1 5 Bytes JMP 01400000
.text C:\Windows\system32\svchost.exe[1188] WININET.dll!InternetOpenA 75F04E33 5 Bytes JMP 01420FE5
.text C:\Windows\system32\svchost.exe[1188] WININET.dll!InternetOpenUrlA 75F0BFCE 5 Bytes JMP 0142001B
.text C:\Windows\system32\svchost.exe[1188] WININET.dll!InternetOpenW 75F3C02E 5 Bytes JMP 0142000A
.text C:\Windows\system32\svchost.exe[1188] WININET.dll!InternetOpenUrlW 75F6D70A 5 Bytes JMP 0142002C
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtCreateFile 77404224 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtCreateProcess 774042E4 5 Bytes JMP 001A001B
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtProtectVirtualMemory 77404B84 5 Bytes JMP 001A0FDB
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoW 76151929 5 Bytes JMP 0015009A
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoA 761519C9 5 Bytes JMP 00150089
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 001500C6
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 001500B5
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!VirtualProtect 76151DC3 5 Bytes JMP 00150F79
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeA 76152EF5 5 Bytes JMP 00150011
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeW 76155C0C 5 Bytes JMP 0015002C
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreatePipe 76178F06 5 Bytes JMP 00150F5E
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExW 7617927C 5 Bytes JMP 00150F8A
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 00150FB6
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExA 76179554 5 Bytes JMP 00150FA5
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 0015003D
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 7617DC52 5 Bytes JMP 0015006E
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetProcAddress 7619925B 5 Bytes JMP 001500D7
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 00150FDB
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 00150000
.text C:\Windows\system32\svchost.exe[1280] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 00150F39
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 001B003D
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!system 75BD804B 5 Bytes JMP 001B0FB2
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 001B0011
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_open 75BDD106 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 001B0022
.text C:\Windows\system32\svchost.exe[1280] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 775539AB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 001D0FAF
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 001D0040
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 001D0051
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 001D0F94
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 001D000A
.text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\svchost.exe[1280] WS2_32.dll!socket 760036D1 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateFile 77404224 5 Bytes JMP 00D30000
.text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtCreateProcess 774042E4 5 Bytes JMP 00D3001B
.text C:\Windows\system32\svchost.exe[1352] ntdll.dll!NtProtectVirtualMemory 77404B84 5 Bytes JMP 00D30FE5
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoW 76151929 5 Bytes JMP 008D00CD
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetStartupInfoA 761519C9 5 Bytes JMP 008D00A8
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 008D0F40
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 008D0F5B
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 76151DC3 5 Bytes JMP 008D007C
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeA 76152EF5 5 Bytes JMP 008D0022
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateNamedPipeW 76155C0C 5 Bytes JMP 008D003D
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreatePipe 76178F06 5 Bytes JMP 008D0F87
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7617927C 5 Bytes JMP 008D006B
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 008D004E
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExA 76179554 5 Bytes JMP 008D0FA2
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 008D0FC7
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7617DC52 5 Bytes JMP 008D008D
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!GetProcAddress 7619925B 5 Bytes JMP 008D00FC
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 008D0011
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 008D0000
.text C:\Windows\system32\svchost.exe[1352] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 008D0F6C
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 00D90F9E
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!system 75BD804B 5 Bytes JMP 00D90033
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 00D90FCD
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_open 75BDD106 5 Bytes JMP 00D90FEF
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 00D90022
.text C:\Windows\system32\svchost.exe[1352] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 00D90FDE
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 00D40F79
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 00D40FAF
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 00D40000
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 00D40F8A
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 00D40F5E
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 00D4001B
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 00D40FE5
.text C:\Windows\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 00D40FC0
.text C:\Windows\system32\svchost.exe[1352] WS2_32.dll!socket 760036D1 5 Bytes JMP 00DB0FEF
.text C:\Windows\system32\svchost.exe[1352] WININET.dll!InternetOpenA 75F04E33 5 Bytes JMP 00DA0000
.text C:\Windows\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlA 75F0BFCE 5 Bytes JMP 00DA001B
.text C:\Windows\system32\svchost.exe[1352] WININET.dll!InternetOpenW 75F3C02E 5 Bytes JMP 00DA0FE5
.text C:\Windows\system32\svchost.exe[1352] WININET.dll!InternetOpenUrlW 75F6D70A 5 Bytes JMP 00DA0040
.text C:\Windows\system32\svchost.exe[1504] ntdll.dll!NtCreateFile 77404224 5 Bytes JMP 00D60000
.text C:\Windows\system32\svchost.exe[1504] ntdll.dll!NtCreateProcess 774042E4 5 Bytes JMP 00D6001B
.text C:\Windows\system32\svchost.exe[1504] ntdll.dll!NtProtectVirtualMemory 77404B84 5 Bytes JMP 00D60FE5
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoW 76151929 5 Bytes JMP 00D10F72
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetStartupInfoA 761519C9 5 Bytes JMP 00D10F83
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 00D100E4
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 00D10F4D
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtect 76151DC3 5 Bytes JMP 00D10089
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeA 76152EF5 5 Bytes JMP 00D1001B
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateNamedPipeW 76155C0C 5 Bytes JMP 00D10036
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreatePipe 76178F06 5 Bytes JMP 00D10F94
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 7617927C 5 Bytes JMP 00D10FAF
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 00D10FC0
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExA 76179554 5 Bytes JMP 00D1006C
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 00D10047
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx 7617DC52 5 Bytes JMP 00D100A4
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetProcAddress 7619925B 5 Bytes JMP 00D10109
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileW 7619B0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 00D10FEF
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 00D10000
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!WinExec 761E60CF 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 00D100D3
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 00D80040
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!system 75BD804B 5 Bytes JMP 00D80025
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 00D80FC6
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_open 75BDD106 5 Bytes JMP 00D80000
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 00D80FB5
.text C:\Windows\system32\svchost.exe[1504] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 00D80FE3
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 00D70F54
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 00D70F8A
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 00D70FEF
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 00D70F6F
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 00D70F43
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 00D70FAF
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 00D70FCA
.text C:\Windows\system32\svchost.exe[1504] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 00D70000
.text C:\Windows\system32\svchost.exe[1504] WS2_32.dll!socket 760036D1 5 Bytes JMP 00D90000
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtCreateFile 77404224 5 Bytes JMP 0025000A
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtCreateProcess 774042E4 5 Bytes JMP 00250025
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtProtectVirtualMemory 77404B84 5 Bytes JMP 00250FEF
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!GetStartupInfoW 76151929 5 Bytes JMP 00240F15
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!GetStartupInfoA 761519C9 5 Bytes JMP 00240F30
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 00240EE9
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 00240080
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!VirtualProtect 76151DC3 5 Bytes JMP 0024004A
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateNamedPipeA 76152EF5 5 Bytes JMP 00240FD4
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateNamedPipeW 76155C0C 5 Bytes JMP 00240FC3
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreatePipe 76178F06 5 Bytes JMP 00240F55
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!LoadLibraryExW 7617927C 5 Bytes JMP 00240039
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 00240F8D
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!LoadLibraryExA 76179554 5 Bytes JMP 00240F7C
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 00240FA8
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!VirtualProtectEx 7617DC52 5 Bytes JMP 0024005B
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!GetProcAddress 7619925B 5 Bytes JMP 0024009B
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 00240FE5
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 00240000
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 00240F04
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 002D0047
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!system 75BD804B 5 Bytes JMP 002D002C
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 002D0FC6
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_open 75BDD106 5 Bytes JMP 002D0FE3
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 002D0011
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 002D0000
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 00260F8A
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 0026002C
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 00260000
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 00260FA5
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 00260F79
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 00260FC0
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 00260FDB
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 00260011
.text C:\Windows\system32\svchost.exe[1740] WS2_32.dll!socket 760036D1 5 Bytes JMP 00360FEF
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2276] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 6B1A9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2276] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 6B1A99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2604] ntdll.dll!NtCreateFile 77404224 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[2604] ntdll.dll!NtCreateProcess 774042E4 5 Bytes JMP 006A0011
.text C:\Windows\system32\svchost.exe[2604] ntdll.dll!NtProtectVirtualMemory 77404B84 5 Bytes JMP 006A0000
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!GetStartupInfoW 76151929 5 Bytes JMP 00650F32
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!GetStartupInfoA 761519C9 5 Bytes JMP 00650F4D
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 006500AE
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 00650093
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!VirtualProtect 76151DC3 5 Bytes JMP 00650067
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!CreateNamedPipeA 76152EF5 5 Bytes JMP 00650FB9
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!CreateNamedPipeW 76155C0C 5 Bytes JMP 00650014
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!CreatePipe 76178F06 5 Bytes JMP 00650078
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!LoadLibraryExW 7617927C 5 Bytes JMP 0065004A
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 00650F97
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!LoadLibraryExA 76179554 5 Bytes JMP 0065002F
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 00650FA8
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!VirtualProtectEx 7617DC52 5 Bytes JMP 00650F68
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!GetProcAddress 7619925B 5 Bytes JMP 006500BF
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 00650FDE
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 00650FEF
.text C:\Windows\system32\svchost.exe[2604] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 00650F17
.text C:\Windows\system32\svchost.exe[2604] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 00070055
.text C:\Windows\system32\svchost.exe[2604] msvcrt.dll!system 75BD804B 5 Bytes JMP 00070044
.text C:\Windows\system32\svchost.exe[2604] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 00070029
.text C:\Windows\system32\svchost.exe[2604] msvcrt.dll!_open 75BDD106 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[2604] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 00070FDE
.text C:\Windows\system32\svchost.exe[2604] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 006B0F97
.text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 006B002F
.text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 006B0FEF
.text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 006B0FA8
.text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 006B0F86
.text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 006B0FD4
.text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 006B000A
.text C:\Windows\system32\svchost.exe[2604] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 006B0FB9
.text C:\Windows\system32\svchost.exe[2604] WS2_32.dll!socket 760036D1 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtCreateFile 77404224 5 Bytes JMP 00630000
.text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtCreateProcess 774042E4 5 Bytes JMP 00630FDE
.text C:\Windows\system32\svchost.exe[2648] ntdll.dll!NtProtectVirtualMemory 77404B84 5 Bytes JMP 00630FEF
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!GetStartupInfoW 76151929 5 Bytes JMP 00560F5E
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!GetStartupInfoA 761519C9 5 Bytes JMP 005600A4
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 005600DA
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 005600C9
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!VirtualProtect 76151DC3 5 Bytes JMP 00560082
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateNamedPipeA 76152EF5 5 Bytes JMP 00560FE5
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateNamedPipeW 76155C0C 5 Bytes JMP 00560036
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreatePipe 76178F06 5 Bytes JMP 00560093
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!LoadLibraryExW 7617927C 5 Bytes JMP 00560F9E
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 00560FAF
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!LoadLibraryExA 76179554 5 Bytes JMP 0056005B
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 00560FCA
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!VirtualProtectEx 7617DC52 5 Bytes JMP 00560F83
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!GetProcAddress 7619925B 5 Bytes JMP 00560F28
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 0056001B
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 00560000
.text C:\Windows\system32\svchost.exe[2648] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 00560F43
.text C:\Windows\system32\svchost.exe[2648] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 00540F97
.text C:\Windows\system32\svchost.exe[2648] msvcrt.dll!system 75BD804B 5 Bytes JMP 00540FA8
.text C:\Windows\system32\svchost.exe[2648] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 00540018
.text C:\Windows\system32\svchost.exe[2648] msvcrt.dll!_open 75BDD106 5 Bytes JMP 00540FEF
.text C:\Windows\system32\svchost.exe[2648] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 00540FC3
.text C:\Windows\system32\svchost.exe[2648] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 00540FDE
.text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 00640073
.text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 00640FD1
.text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 00640000
.text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 00640058
.text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 00640084
.text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 00640022
.text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 00640011
.text C:\Windows\system32\svchost.exe[2648] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 00640033
.text C:\Windows\system32\svchost.exe[2648] WS2_32.dll!socket 760036D1 5 Bytes JMP 00550000
.text C:\Windows\System32\svchost.exe[2760] ntdll.dll!NtCreateFile 77404224 5 Bytes JMP 0018000A
.text C:\Windows\System32\svchost.exe[2760] ntdll.dll!NtCreateProcess 774042E4 5 Bytes JMP 00180FDE
.text C:\Windows\System32\svchost.exe[2760] ntdll.dll!NtProtectVirtualMemory 77404B84 5 Bytes JMP 00180FEF
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!GetStartupInfoW 76151929 5 Bytes JMP 001600B1
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!GetStartupInfoA 761519C9 5 Bytes JMP 00160F6B
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 001600E7
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 00160F50
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!VirtualProtect 76151DC3 5 Bytes JMP 00160F8D
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateNamedPipeA 76152EF5 5 Bytes JMP 00160FDB
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateNamedPipeW 76155C0C 5 Bytes JMP 00160FCA
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreatePipe 76178F06 5 Bytes JMP 00160096
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!LoadLibraryExW 7617927C 5 Bytes JMP 00160065
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 00160FB9
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!LoadLibraryExA 76179554 5 Bytes JMP 00160FA8
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 00160040
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!VirtualProtectEx 7617DC52 5 Bytes JMP 00160F7C
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!GetProcAddress 7619925B 5 Bytes JMP 00160F3F
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 00160011
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 00160000
.text C:\Windows\System32\svchost.exe[2760] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 001600CC
.text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 00150042
.text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!system 75BD804B 5 Bytes JMP 00150FB7
.text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 0015001D
.text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_open 75BDD106 5 Bytes JMP 00150FE3
.text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 00150FD2
.text C:\Windows\System32\svchost.exe[2760] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 0015000C
.text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 00190062
.text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 00190036
.text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 00190FEF
.text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 00190051
.text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 00190FAF
.text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 0019000A
.text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 00190FD4
.text C:\Windows\System32\svchost.exe[2760] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 00190025
.text C:\Windows\system32\svchost.exe[4208] ntdll.dll!NtCreateFile 77404224 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[4208] ntdll.dll!NtCreateProcess 774042E4 5 Bytes JMP 00040FCD
.text C:\Windows\system32\svchost.exe[4208] ntdll.dll!NtProtectVirtualMemory 77404B84 5 Bytes JMP 00040FDE
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!GetStartupInfoW 76151929 5 Bytes JMP 0001007F
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!GetStartupInfoA 761519C9 5 Bytes JMP 00010064
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!CreateProcessW 76151BF3 5 Bytes JMP 000100B2
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!CreateProcessA 76151C28 5 Bytes JMP 000100A1
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!VirtualProtect 76151DC3 5 Bytes JMP 00010042
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!CreateNamedPipeA 76152EF5 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!CreateNamedPipeW 76155C0C 5 Bytes JMP 00010FAF
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!CreatePipe 76178F06 5 Bytes JMP 00010F43
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!LoadLibraryExW 7617927C 5 Bytes JMP 00010F68
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!LoadLibraryW 76179400 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!LoadLibraryExA 76179554 5 Bytes JMP 00010F79
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!LoadLibraryA 7617957C 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!VirtualProtectEx 7617DC52 5 Bytes JMP 00010053
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!GetProcAddress 7619925B 5 Bytes JMP 000100C3
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!CreateFileW 7619B0EB 5 Bytes JMP 00010FCA
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!CreateFileA 7619D07F 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[4208] kernel32.dll!WinExec 761E60CF 5 Bytes JMP 00010090
.text C:\Windows\system32\svchost.exe[4208] msvcrt.dll!_wsystem 75BD7F2F 5 Bytes JMP 00060FA1
.text C:\Windows\system32\svchost.exe[4208] msvcrt.dll!system 75BD804B 5 Bytes JMP 00060FBC
.text C:\Windows\system32\svchost.exe[4208] msvcrt.dll!_creat 75BDBBE1 5 Bytes JMP 00060011
.text C:\Windows\system32\svchost.exe[4208] msvcrt.dll!_open 75BDD106 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[4208] msvcrt.dll!_wcreat 75BDD326 5 Bytes JMP 0006002C
.text C:\Windows\system32\svchost.exe[4208] msvcrt.dll!_wopen 75BDD501 5 Bytes JMP 00060FE3
.text C:\Windows\system32\svchost.exe[4208] ADVAPI32.dll!RegCreateKeyExA 775539AB 5 Bytes JMP 00070FCA
.text C:\Windows\system32\svchost.exe[4208] ADVAPI32.dll!RegCreateKeyA 77553BA9 5 Bytes JMP 00070051
.text C:\Windows\system32\svchost.exe[4208] ADVAPI32.dll!RegOpenKeyA 775589C7 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[4208] ADVAPI32.dll!RegCreateKeyW 7756391E 5 Bytes JMP 00070076
.text C:\Windows\system32\svchost.exe[4208] ADVAPI32.dll!RegCreateKeyExW 775641F1 5 Bytes JMP 00070087
.text C:\Windows\system32\svchost.exe[4208] ADVAPI32.dll!RegOpenKeyExA 77567C42 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[4208] ADVAPI32.dll!RegOpenKeyW 7756E2B5 5 Bytes JMP 00070011
.text C:\Windows\system32\svchost.exe[4208] ADVAPI32.dll!RegOpenKeyExW 77577BA1 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[4208] WS2_32.dll!socket 760036D1 5 Bytes JMP 00080000

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806956D6] \SystemRoot\System32\Drivers\spfb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80695042] \SystemRoot\System32\Drivers\spfb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80695800] \SystemRoot\System32\Drivers\spfb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806950C0] \SystemRoot\System32\Drivers\spfb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069513E] \SystemRoot\System32\Drivers\spfb.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A4E9C] \SystemRoot\System32\Drivers\spfb.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2320] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0024A4B0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2320] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0024A510] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E131F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \FileSystem\fastfat \FatCdrom 87B361F8
Device \Driver\volmgr \Device\VolMgrControl 8404B1F8
Device \Driver\usbuhci \Device\USBPDO-0 85E4B1F8
Device \Driver\usbuhci \Device\USBPDO-1 85E4B1F8
Device \Driver\usbehci \Device\USBPDO-2 85EFB1F8
Device \Driver\usbuhci \Device\USBPDO-3 85E4B1F8
Device \Driver\usbuhci \Device\USBPDO-4 85E4B1F8

AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 85E4B1F8
Device \Driver\usbehci \Device\USBPDO-6 85EFB1F8
Device \Driver\volmgr \Device\HarddiskVolume1 8404B1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8404B1F8
Device \Driver\cdrom \Device\CdRom0 85FBE1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E8400BB9-7986-42FA-BC17-750BC72A715D} 86AD61F8
Device \Driver\volmgr \Device\HarddiskVolume3 8404B1F8
Device \Driver\cdrom \Device\CdRom1 85FBE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E121F8
Device \Driver\atapi \Device\Ide\IdePort0 84E121F8
Device \Driver\atapi \Device\Ide\IdePort1 84E121F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84E121F8
Device \Driver\BTHUSB \Device\00000080 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\netbt \Device\NetBt_Wins_Export 86AD61F8
Device \Driver\Smb \Device\NetbiosSmb 86AAE1F8
Device \Driver\iScsiPrt \Device\RaidPort0 85FAD500

AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\netbt \Device\NetBT_Tcpip_{C1664501-FCEF-483D-95DA-E774679A3944} 86AD61F8
Device \Driver\netbt \Device\NetBT_Tcpip_{F4BA8194-D61E-4E82-B3DD-18996812EC4F} 86AD61F8
Device \Driver\usbuhci \Device\USBFDO-0 85E4B1F8
Device \Driver\usbuhci \Device\USBFDO-1 85E4B1F8
Device \Driver\usbehci \Device\USBFDO-2 85EFB1F8
Device \Driver\usbuhci \Device\USBFDO-3 85E4B1F8
Device \Driver\usbuhci \Device\USBFDO-4 85E4B1F8
Device \Driver\BTHUSB \Device\0000007e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-5 85E4B1F8
Device \Driver\usbehci \Device\USBFDO-6 85EFB1F8
Device \FileSystem\fastfat \Fat 87B361F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \FileSystem\cdfs \Cdfs 85F081F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e86b9e1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanUserTime Thu, Aug 18 11, 09:37:29 PM????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootPlanTime 0x29 0x5E 0xCC 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@MemoryCacheSize 472523662
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0xCF 0x67 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0x25 0x77 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x20 0x39 0x92 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7A 0x20 0xE0 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x57 0x0C 0xBE 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x3A 0x9A 0x10 0x54 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e86b9e1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0C 0xCF 0x67 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0x25 0x77 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x20 0x39 0x92 0xD9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7A 0x20 0xE0 0x06 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x57 0x0C 0xBE 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x3A 0x9A 0x10 0x54 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Student\Documents\Azureus Downloads\Lolicon Games\ 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\Electronic Arts\Mass Effect\x2122 2\docs\Mass Effect 2_code.exe 1

---- Files - GMER 1.0.15 ----

File C:\Users\Student\AppData\Roaming\systemfl.$dk 990 bytes
File C:\Windows\System32\sys_drv.dat 6024 bytes
File C:\Windows\System32\sys_drv_2.dat 5020 bytes
File C:\Windows\System32\WinFLdrv.sys 17984 bytes executable <-- ROOTKIT !!!

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\WinFLdrv.sys [AUTO] WinFLdrv <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


That's all of it, again, I hope this helps, and I appreciate you helping me with this Broni!

#5 Broni

Posted 19 August 2011 - 07:16 PM

It looks like you may have a legit Windows file patched by an infection (WinFLdrv.sys).

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


#6 Arclight

Posted 19 August 2011 - 08:44 PM

Alrighty here are the two logs:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-19 18:32:34
-----------------------------
18:32:34.727 OS Version: Windows 6.0.6002 Service Pack 2
18:32:34.727 Number of processors: 2 586 0xF0D
18:32:34.727 ComputerName: STUDENT-PC UserName: Student
18:32:51.809 Initialize success
18:33:17.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:33:17.523 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
18:33:20.081 Disk 0 MBR read successfully
18:33:20.097 Disk 0 MBR scan
18:33:20.097 Disk 0 Windows VISTA default MBR code
18:33:20.222 Disk 0 scanning sectors +312579760
18:33:20.705 Disk 0 scanning C:\Windows\system32\drivers
18:35:11.956 Service scanning
18:35:18.009 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:35:20.364 Modules scanning
18:37:17.988 Disk 0 trace - called modules:
18:37:18.113 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84e121f8]<<
18:37:18.113 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8561eac8]
18:37:18.113 3 CLASSPNP.SYS[8819d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e51b98]
18:37:18.113 \Driver\atapi[0x84e9fd40] -> IRP_MJ_CREATE -> 0x84e121f8
18:37:18.129 Scan finished successfully
18:37:57.893 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
18:37:58.065 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"

And the 2nd log:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C20D000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9433088 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8221E000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8221E000 PnpManager 3907584 bytes
0x8221E000 RAW 3907584 bytes
0x8221E000 WMIxWDM 3907584 bytes
0x978D0000 Win32k 2113536 bytes
0x978D0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C09A000 C:\Windows\system32\DRIVERS\athr.sys 1200128 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x88000000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x87E76000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8F406000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x80693000 PCI_PNP6368 1052672 bytes
0x80693000 C:\Windows\System32\Drivers\spfb.sys 1052672 bytes
0x80693000 sptd 1052672 bytes
0x8F859000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAFA02000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8F508000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x80C0F000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8CB0C000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C00D000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8CF72000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x8060A000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x87E05000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x87D3F000 C:\Windows\system32\drivers\mfehidk.sys 450560 bytes (McAfee, Inc., McAfee Link Driver)
0x80D2C000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8FB4D000 C:\Windows\system32\drivers\mfefirek.sys 331776 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xAAAC2000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x97B20000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x87C34000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8FA34000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x805B8000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80497000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8C1BF000 C:\Windows\system32\DRIVERS\Rtlh86.sys 266240 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x8CCFA000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x87DB7000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8CF35000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8FAC2000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8CE06000 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 241664 bytes (DT Soft Ltd, DAEMON Tools Virtual Bus Driver)
0x87FAC000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8CEA9000 C:\Windows\system32\drivers\CHDRT32.sys 237568 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0xAAA49000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88110000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8CE58000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x825D8000 ACPI_HAL 208896 bytes
0x825D8000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x87CFD000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8FA02000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8CCCB000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x87C93000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8CEE3000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8CC3F000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x87F81000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8CDD5000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8FB23000 C:\Windows\system32\drivers\mfeavfk.sys 172032 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x80CCF000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8F985000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xAAB29000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAAA9A000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88160000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8F95E000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x807CB000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8079D000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8CF10000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8CD68000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88198000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAAA09000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8F806000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAAA2A000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x87CDF000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x80D99000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0xAFB83000 C:\Windows\system32\drivers\mfeapfk.sys 114688 bytes (McAfee, Inc., Access Protection Filter Driver)
0x8F943000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8FBD7000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8F9E2000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x8CC01000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x80DB6000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0xAFB6A000 C:\Users\Student\AppData\Local\Temp\uxrirfob.sys 102400 bytes
0x8CC81000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAAA82000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8FB08000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8CD46000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x80D16000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8FA7C000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F9AE000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x80DCF000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8CDAE000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8CD9A000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F9CE000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8CC2C000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8F5D9000 C:\Windows\system32\DRIVERS\MOBK.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0x80D03000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FAAF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88187000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8CE98000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8CC1B000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0x87D2F000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x80CBF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x87CC7000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8CBD2000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8CDC3000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8CCBB000 C:\Windows\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0x8CCAC000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8FA92000 C:\Windows\system32\DRIVERS\mfenlfk.sys 61440 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0xAFBAC000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88151000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x87C09000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8CD8B000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8CBC3000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x87C25000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8CBE2000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x97B10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FAA1000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F842000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x87C85000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8F5CA000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0xAFB59000 C:\Windows\system32\drivers\cfwids.sys 53248 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0x8FB9E000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0xAFB9F000 C:\Windows\system32\drivers\mfebopk.sys 53248 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8F5BD000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8CE4B000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]


Thanks again!

#7 Broni


Posted 19 August 2011 - 08:54 PM

Uninstall Java 2 Runtime Environment, SE v1.4.2_02

I don't see anything malicious there.

Download System Information for Windows (SIW free version)
No installation required.

After it scans your computer, navigate to Hardware>Sensors and post all info from there.


 


#8 Arclight


Posted 19 August 2011 - 11:24 PM

Something seemed strange on the last two logs to me. I think I scanned the first one twice accidentally, because it didn't say anything about being completed, so I'm going to re-post them both just in case I messed something up. At the bottom is what you asked for from System Information for Windows as well. Thanks again for being so patient and helpful!

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-19 18:32:34
-----------------------------
18:32:34.727 OS Version: Windows 6.0.6002 Service Pack 2
18:32:34.727 Number of processors: 2 586 0xF0D
18:32:34.727 ComputerName: STUDENT-PC UserName: Student
18:32:51.809 Initialize success
18:33:17.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:33:17.523 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
18:33:20.081 Disk 0 MBR read successfully
18:33:20.097 Disk 0 MBR scan
18:33:20.097 Disk 0 Windows VISTA default MBR code
18:33:20.222 Disk 0 scanning sectors +312579760
18:33:20.705 Disk 0 scanning C:\Windows\system32\drivers
18:35:11.956 Service scanning
18:35:18.009 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:35:20.364 Modules scanning
18:37:17.988 Disk 0 trace - called modules:
18:37:18.113 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84e121f8]<<
18:37:18.113 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8561eac8]
18:37:18.113 3 CLASSPNP.SYS[8819d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e51b98]
18:37:18.113 \Driver\atapi[0x84e9fd40] -> IRP_MJ_CREATE -> 0x84e121f8
18:37:18.129 Scan finished successfully
18:37:57.893 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
18:37:58.065 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-19 21:12:39
-----------------------------
21:12:39.107 OS Version: Windows 6.0.6002 Service Pack 2
21:12:39.107 Number of processors: 2 586 0xF0D
21:12:39.109 ComputerName: STUDENT-PC UserName: Student
21:12:43.882 Initialize success
21:12:51.199 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:12:51.202 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
21:12:53.811 Disk 0 MBR read successfully
21:12:53.814 Disk 0 MBR scan
21:12:53.816 Disk 0 Windows VISTA default MBR code
21:12:54.275 Disk 0 scanning sectors +312579760
21:12:54.817 Disk 0 scanning C:\Windows\system32\drivers
21:14:44.193 Service scanning
21:14:45.630 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:14:46.483 Modules scanning
21:17:06.878 Disk 0 trace - called modules:
21:17:07.019 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84e121f8]<<
21:17:07.019 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8561eac8]
21:17:07.019 3 CLASSPNP.SYS[8819d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e51b98]
21:17:07.019 \Driver\atapi[0x84e9fd40] -> IRP_MJ_CREATE -> 0x84e121f8
21:17:07.019 Scan finished successfully
21:17:48.884 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
21:17:48.947 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)




Sensor | Value | Min | Max
STUDENT-PC
Dell Inc. 0Y487G
Temperatures
THM_ | 64 °C (146 °F) | 59 °C (137 °F) | 71 °C (158 °F)
Intel Mobile Core 2 Duo T5870
Temperatures
Core #0 | 65 °C (148 °F) | 57 °C (134 °F) | 70 °C (157 °F)
Core #1 | 65 °C (148 °F) | 57 °C (134 °F) | 70 °C (157 °F)
WDC WD1600BEVT-75ZCT2
Temperatures
Assembly | 50 °C (121 °F) | 47 °C (116 °F) | 50 °C (121 °F)
Battery
Voltages
Current Voltage | 12.46 V | 12.46 V | 12.46 V
Capacities
Designed Capacity | 48840 mWh | 48840 mWh | 48840 mWh
Full Charge Capacity | 45155 mWh | 45155 mWh | 45155 mWh
Current Capacity | 45155 mWh | 45155 mWh | 45155 mWh
Levels
Wear Level | 8 % | 8 % | 8 %
Charge Level | 100 % | 100 % | 100 %

#9 Broni


Posted 19 August 2011 - 11:29 PM

All looks fine.

I suggest you start a new topic in the Vista forum, since your computer seems to be clean.


 


#10 Arclight


Posted 19 August 2011 - 11:50 PM

Alright, thanks for the help. I'll check out the Vista forum and see if anything happens again like it did before. Again, I appreciate all the help!

#11 Broni


Posted 19 August 2011 - 11:53 PM

Sure thing :)


 




