
Internet access shuts down right after login


  • This topic is locked
15 replies to this topic

#1 ARKeng

Posted 09 September 2011 - 01:17 AM

Let me start with the basics: I'm running Windows Vista Home Premium Service Pack 2
My virus protection/firewall is "Cox Security Suite powered by McAfee"

First indication there was any problem (now that I think back on it): a few days ago, my nephew complained of getting some popups. Unfortunately, I don't remember much about them other than they involved files with a .TMP extension. He navigated to the path involved and as soon as he clicked "OK" a new file would appear in the folder and a new popup would appear at the same time. He got it to stop by deleting all of the files in that folder with the .TMP extension before hitting OK and it stopped. It seems stupid now, but I thought it was just a Windows error of some sort instead of the beginnings of an infestation. I did run a virus scan through McAfee and it found and quarantined a Generic FakeAlert.by trojan and an Artemis!D117047DDB70 trojan. Since then, I've discovered that on a scheduled scan a few days earlier it had found and quarantined an Artemis!092B5159389C trojan and about a dozen instances of a Generic.thr!k trojan but I didn't know about that till later because the aforementioned nephew didn't mention anything about it when it apparently finished while he was on the computer.

First indication of a more serious long term problem: A few days later, I woke up the computer from being asleep overnight, and clicked on Firefox and got "Server not found, Firefox can't find the server at www.google.com" page. As I thought it just might be an internet connection problem, I tried rebooting the modem, router, and had Windows diagnose the problem and tried two options there (Automatically get new IP settings for the network adapter "Local Area Connection", and Reset the network adapter "Local Area Connection"). Neither worked. I still thought it just might be an ISP problem (though not likely since all the appropriate lights on the modem and router were lighting up in the right order), until I tried to login to my router from web-browser and got a similar "Server not found" page which I've NEVER gotten before under any issues. So, I unplugged the network cable between the router and modem and set McAfee to do a "FULL" scan while I went to work since it takes 3-4 hours.

When I came back, McAfee had found 22 tracking cookies but no viruses or trojans. I retried the same network diagnostic attempts after my roommate confirmed the router/modem worked with his laptop. All this still failing I decided to try a system reboot on everything (computer, modem, router). When I logged back in my internet worked - I browsed for a few minutes and then all of a sudden clicked a link and got the "Server Not Found" page all over again. Went through it all again, rebooted, same thing. Now I can reboot and my internet works for anywhere from 10 secs to maybe 90 seconds after login. I've tried booting in safe mode, and if anything it shuts down quicker in safe mode. I have since discovered that if I start in safe mode and then run McAfee, it warns me that "Real-Time Scanning" is Off. And after I click it on, about a second later it switches off with another warning.

I still didn't really know it was a malware issue till I ran "Task Manager" and noticed a process called win4036e0.dat. After googling that filename on my phone, it seemed likely it was malware. I can end this process but it doesn't seem to affect anything. It always reappears after boot. Even if I end this process before the internet access drops out, the access still drops out. Since all my McAfee help files, etc. do is link to the internet, it's been a pain to figure much out.

I brought home my work laptop tonight to try to figure more out. Based off some advice I found on the net, I tried running "msconfig" on the start menu and turned off everything except for McAfee in the startup tab. There were two entries that looked particularly suspicious: an item "-532066276" from "Unknown" Manufacturer with a command line "C:\Users\Alan\AppData\Local\Temp\thpm291337485425533431.tmp". The other was an item "8EE9D7FB" with "Unknown" manufacturer and command line "C:\Users\Alan\AppData\Roaming\8EE9D7FB.EXE". Though these look questionable, stopping them (along with everything else) didn't help. Same results in both a normal or safe mode boot. Also, it should be noted I did navigate to those paths and neither file appears to exist (even when I checked to make sure that "Show hidden files and folders" was checked in the Folder Options\View tab settings).

After that, I went through the steps at this address: http://www.selectrealsecurity.com/malware-removal-guide
I did this by downloading the tools on my laptop, transferring them to data card on my phone and then installing onto my troubled desktop. "MiniToolBox" and "TDSSKiller" didn't seem to accomplish much of anything. Malwarebytes Anti-Malware quick scan found 10 "infected items" that all had to do with "Adware". It said all were quarantined and deleted successfully after reboot. "SuperAntiSpyware" quick scan found 89 items (all adware) and said everything was deleted/quarantined after reboot. I tried to run the "Hitman Pro" product, but it requires internet access and as soon as the internet access stops, it stalls and times out.

Since I still don't have internet access, I'm at a bit of a loss on how to proceed. I'm pretty good with computers, but I'm definitely not an IT guy or anything so I'm pretty much at the end of my abilities. And though I've found some suspicious items, nothing's solved the problem. Any help you can give me will be greatly appreciated!


#2 Broni

Posted 09 September 2011 - 09:58 PM

Welcome aboard

Can you check if you can connect in Safe Mode with Networking?


#3 ARKeng

Posted 10 September 2011 - 12:35 AM

Nope. Sorry, I forgot to mention that all the times I said "safe mode" above, I really meant "safe mode with networking". Doesn't work (and I did just double check, since you had me doubting myself!)

#4 ARKeng

Posted 14 September 2011 - 01:03 PM

bump...

Any ideas? I'm desperate!

#5 Broni

Posted 14 September 2011 - 03:28 PM

Use a good computer to download the following tools and transfer them to the bad computer using a USB flash drive.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#6 ARKeng

Posted 16 September 2011 - 01:01 AM

Here are the contents of "checkup.txt" from SecurityCheck:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee Virtual Technician
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Java™ 6 Update 4
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader 8.3.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#7 ARKeng

Posted 16 September 2011 - 01:02 AM

Here are the contents of result.txt from MiniToolbox:

MiniToolBox by Farbar
Ran by Alan (administrator) on 15-09-2011 at 22:04:00
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Alan-desktop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1D-09-99-89-A3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4de0:b6d9:c77b:259c%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 15, 2011 10:03:26 PM
Lease Expires . . . . . . . . . . : Friday, September 16, 2011 10:03:26 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251665673
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-CF-71-C9-00-1D-09-99-89-A3
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8BF932B3-9F46-4240-83F6-28AEF593C124}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 1d 09 99 89 a3 ...... Intel® 82562V-2 10/100 Network Connection
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{8BF932B3-9F46-4240-83F6-28AEF593C124}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/15/2011 10:02:08 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (09/15/2011 10:02:07 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (09/15/2011 09:59:07 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/15/2011 09:59:07 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/15/2011 09:56:11 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (09/15/2011 09:56:09 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (09/15/2011 09:55:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2011 10:28:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2011 10:28:22 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/09/2011 10:23:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/15/2011 09:55:53 PM) (Source: Service Control Manager) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (09/09/2011 10:32:12 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (09/09/2011 10:29:00 PM) (Source: DCOM) (User: )
Description: 1084McAfee SiteAdvisor Service{5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error: (09/09/2011 10:28:40 PM) (Source: Service Control Manager) (User: )
Description: SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (09/09/2011 10:28:40 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (09/09/2011 10:28:30 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/09/2011 10:28:29 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/09/2011 10:28:25 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (09/09/2011 10:28:22 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/09/2011 10:28:14 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (09/15/2011 10:02:08 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (09/15/2011 10:02:07 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (09/15/2011 09:59:07 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK

Error: (09/15/2011 09:59:07 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK

Error: (09/15/2011 09:56:11 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (09/15/2011 09:56:09 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (09/15/2011 09:55:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2011 10:28:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2011 10:28:22 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/09/2011 10:23:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Flash Player ActiveX (Version: 9.0.115.0)
Adobe Reader 8.3.0 (Version: 8.3.0)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
Apple Software Update (Version: 2.1.1.116)
ATI Catalyst Control Center (Version: 2.007.0914.2138)
ATI Catalyst Install Manager (Version: 3.0.804.0)
Bandisoft MPEG-1 Decoder
Battlefield Play4Free
Bluebeam PDF Revu Standard v7.2.1 (Version: 7.2.1)
Browser Address Error Redirector (Version: 1.00.0000)
Bullzip PDF Printer 6.0.0.744
Business Tools Launcher (Version: 1.00.0000)
Call of Duty® - World at War™ (Version: 1.0)
Call of Duty® - World at War™ (Version: 1.7)
Call of Duty® - World at War™ 1.1 Patch
Call of Duty® - World at War™ 1.1 Patch (Version: 1.1)
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.2 Patch (Version: 1.2)
Call of Duty® - World at War™ 1.3 Patch
Call of Duty® - World at War™ 1.3 Patch (Version: 1.3)
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.4 Patch (Version: 1.4)
Call of Duty® - World at War™ 1.5 Patch
Call of Duty® - World at War™ 1.5 Patch (Version: 1.5)
Call of Duty® - World at War™ 1.6 Patch
Call of Duty® - World at War™ 1.6 Patch (Version: 1.6)
Call of Duty® - World at War™ 1.7 Patch
Call of Duty® - World at War™ 1.7 Patch (Version: 1.7)
Call of Duty® 4 - Modern Warfare™ (Version: 1.6)
Call of Duty® 4 - Modern Warfare™ (Version: 1.7)
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center Core Implementation (Version: 2007.0914.2139.36828)
Catalyst Control Center Graphics Full Existing (Version: 2007.0914.2139.36828)
Catalyst Control Center Graphics Full New (Version: 2007.0914.2139.36828)
Catalyst Control Center Graphics Light (Version: 2007.0914.2139.36828)
Catalyst Control Center Graphics Previews Vista (Version: 2007.0914.2139.36828)
Catalyst Control Center InstallProxy (Version: 2010.1125.2142.38865)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization French (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization German (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Italian (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Japanese (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Korean (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Polish (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Portuguese (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Spanish (Version: 2007.0914.2139.36828)
Catalyst Control Center Localization Thai (Version: 2007.0914.2139.36828)
ccc-core-static (Version: 2007.0914.2139.36828)
ccc-utility (Version: 2007.0914.2139.36828)
CCC Help Chinese Standard (Version: 2007.0914.2138.36828)
CCC Help Chinese Traditional (Version: 2007.0914.2138.36828)
CCC Help English (Version: 2007.0914.2138.36828)
CCC Help French (Version: 2007.0914.2138.36828)
CCC Help German (Version: 2007.0914.2138.36828)
CCC Help Italian (Version: 2007.0914.2138.36828)
CCC Help Japanese (Version: 2007.0914.2138.36828)
CCC Help Korean (Version: 2007.0914.2138.36828)
CCC Help Polish (Version: 2007.0914.2138.36828)
CCC Help Portuguese (Version: 2007.0914.2138.36828)
CCC Help Spanish (Version: 2007.0914.2138.36828)
CCC Help Thai (Version: 2007.0914.2138.36828)
Combat Arms
Company of Heroes
Dell DataSafe Online (Version: 1.0.21)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Network Assistant (Version: 3.0.0.0)
Dell Support Center (Version: 3.1.5830.17)
Download Manager 2.3.6 (Version: 2.3.6)
EDocs
Empire Earth
Fraps
Garry's Mod
Google Earth (Version: 6.0.3.2197)
Google Gears (Version: 0.5.3600)
Google Update Helper (Version: 1.3.21.65)
GPL Ghostscript Lite 8.63
Hitman Pro 3.5 (Version: 3.5.9.129)
Intel® PRO Network Connections 12.1.11.0 (Version: )
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (Version: 6.0.210)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
McAfee SecurityCenter (Version: 10.5.240)
McAfee Virtual Technician (Version: 6.0.0.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Search Enhancement Pack (Version: 3.0.127.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 6.0.1 (x86 en-US) (Version: 6.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NVIDIA PhysX (Version: 9.10.0513)
OpenAL
OpenOffice.org 3.0 (Version: 3.0.9379)
Pando Media Booster (Version: 2.3.5.2)
Personal Entertainment Launcher (Version: 1.00.0000)
Pivot Stickfigure Animator (Version: 2.2.5)
Product Support Launcher (Version: 1.00.0000)
PunkBuster Services (Version: 0.990)
QuickTime (Version: 7.64.17.73)
Realtek High Definition Audio Driver
Red Faction (Version: 1.20)
Red Faction 2 (Version: 1.01)
RISA-3D 7.1 Standalone (Version: 7.1.1.0)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Sentinel Protection Installer 7.4.0 (Version: 7.4.0)
ShapeCAD version 2.0
ShapeDesignerPro (Version: 6.0)
Sid Meier's Civilization 4 (Version: 1.74)
Skins (Version: 2007.0914.2139.36828)
Sniper Elite
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Steam (Version: 1.0.0.0)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0338)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0218)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0190)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1000)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0428)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinRAR archiver
World of Warcraft (Version: 4.2.2.14545)
World of Warcraft Public Test (Version: 0.0.0.0)
Xvid Video Codec (Version: 1.3.1)

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 3325.27 MB
Available physical RAM: 2452.87 MB
Total Pagefile: 6871.54 MB
Available Pagefile: 5832.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.95 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:288.03 GB) (Free:27.06 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.21 GB) NTFS
3 Drive e: (ML Math Course 1) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:0.48 GB) (Free:0.17 GB) FAT

========================= Users: ========================================

User accounts for \\ALAN-DESKTOP

Administrator Alan Guest
Mason


**** End of log ****
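
An added example, not part of the original thread or of MiniToolBox: in the log above, `ipconfig` reports a default gateway of 192.168.1.1, while the IPv4 route table lists only routes bound to 127.0.0.1. The Python below cross-checks those two sections of such a log and reports the mismatch; the function names are hypothetical, the sample text is constructed from values in the log, and only single-line IPv4 values are handled.

```python
import ipaddress
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed sample: the relevant lines of the MiniToolBox log above, trimmed.
SAMPLE_LOG = """\
Ethernet adapter Local Area Connection:

IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None
"""


def ipconfig_values(text, label):
    """Return every IPv4 value ipconfig printed after `label`."""
    pattern = re.compile(
        rf"^[ \t]*{re.escape(label)}[ .]*:[ \t]*({IPV4})", re.M)
    return pattern.findall(text)


def parse_ipv4_routes(text):
    """Parse the active IPv4 routes of 'route print' output.

    Returns a list of (network, gateway, interface) tuples, or None when
    the log contains no IPv4 route table at all.
    """
    section = re.search(r"IPv4 Route Table(.*?)Persistent Routes", text, re.S)
    if section is None:
        return None
    row = re.compile(
        rf"^[ \t]*({IPV4})[ \t]+({IPV4})[ \t]+(On-link|{IPV4})"
        rf"[ \t]+({IPV4})[ \t]+(\d+)[ \t]*$", re.M)
    routes = []
    for dest, mask, gateway, iface, _metric in row.findall(section.group(1)):
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((network, gateway, iface))
    return routes


def check_routing(text):
    """Compare what ipconfig claims with what the route table can deliver."""
    routes = parse_ipv4_routes(text)
    if routes is None:
        return ["no IPv4 route table found in log"]

    addresses = ipconfig_values(text, "IPv4 Address")
    gateways = ipconfig_values(text, "Default Gateway")
    dns_servers = ipconfig_values(text, "DNS Servers")

    # Routes that leave through a real adapter rather than the loopback.
    usable = [r for r in routes
              if not ipaddress.ip_address(r[2]).is_loopback]
    findings = []

    # 1. A gateway is configured, so a 0.0.0.0/0 route should exist.
    if gateways and not any(net.prefixlen == 0 for net, _gw, _if in usable):
        findings.append(
            f"gateway {gateways[0]} configured but no default route (0.0.0.0/0)")

    # 2. Each adapter address should appear as the interface of some route.
    interfaces = {iface for _net, _gw, iface in routes}
    for addr in addresses:
        if addr not in interfaces:
            findings.append(f"adapter address {addr} is the interface of no route")

    # 3. Each DNS server should be covered by a non-loopback route.
    for server in dns_servers:
        target = ipaddress.ip_address(server)
        if target.is_loopback:
            continue
        if not any(target in net for net, _gw, _if in usable):
            findings.append(
                f"DNS server {server} is not covered by any non-loopback route")
    return findings


if __name__ == "__main__":
    for finding in check_routing(SAMPLE_LOG):
        print("FINDING:", finding)
```

A log from a machine with working connectivity would normally carry a `0.0.0.0 0.0.0.0` row and an on-link row for the local subnet, and the check returns an empty list for it.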

#8 ARKeng

Posted 16 September 2011 - 01:03 AM

Here are the contents of my MBAM log from tonight:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7681

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/15/2011 10:13:08 PM
mbam-log-2011-09-15 (22-13-08).txt

Scan type: Quick scan
Objects scanned: 187838
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 ARKeng

Posted 16 September 2011 - 01:05 AM

Here are the results of my MBAM log from the first time I ran it just prior to my first post (just ran into it again and figured if it could be any help at all, why not post it):
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7681

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/8/2011 9:01:47 PM
mbam-log-2011-09-08 (21-01-47).txt

Scan type: Quick scan
Objects scanned: 188091
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{03D7FF6E-9781-40B5-BB7F-94291A361604} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Value: Zango@Zango.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Alan\AppData\Roaming\Zango (Adware.Zango) -> Delete on reboot.
c:\programdata\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\zangosaabout.mht (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\zangosaau.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\zangosaeula.mht (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\zangosa_hpk.dat (Adware.Zango) -> Quarantined and deleted successfully.
c:\programdata\ZangoSA\zangosa_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully.

#10 ARKeng

Posted 16 September 2011 - 01:17 AM

On GMER: I tried running the scan the first time and it ran about a minute, then popped up with "6prol2z6.exe" has stopped working. So I tried it again. About 5 seconds after hitting the scan button this time, my system crashed to a screen reminiscent of an old "blue screen of death". Before I got a chance to read too much on it though, it rebooted my machine. When I started GMER again, I unclicked the "devices" box and got a full scan that took about 30 minutes...

Here are the contents of my GMER.log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-15 23:12:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320620AS rev.3.ADG
Running: 6prol2z6.exe; Driver: C:\Users\Alan\AppData\Local\Temp\pwddqpoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8AA371E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8AA37212]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8AA371FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8AA371D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82247982 5 Bytes JMP 8AA371D8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 8240D143 5 Bytes JMP 8AA37216 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8242C89A 7 Bytes JMP 8AA371EC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8242CB5D 5 Bytes JMP 8AA37202 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F201000, 0x39CB05, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[288] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 002E0FE5
.text C:\Windows\system32\svchost.exe[288] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 002E0000
.text C:\Windows\system32\svchost.exe[288] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 002E0FD4
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00140F3C
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 0014008C
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00140F21
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 001400AE
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00140F86
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00140FD4
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00140025
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00140F61
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00140F97
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00140040
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00140FA8
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00140FB9
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00140071
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00140F06
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00140FEF
.text C:\Windows\system32\svchost.exe[288] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 0014009D
.text C:\Windows\system32\svchost.exe[288] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 00170042
.text C:\Windows\system32\svchost.exe[288] msvcrt.dll!system 75E2804B 5 Bytes JMP 00170FAD
.text C:\Windows\system32\svchost.exe[288] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 00170FC8
.text C:\Windows\system32\svchost.exe[288] msvcrt.dll!_open 75E2D106 5 Bytes JMP 00170000
.text C:\Windows\system32\svchost.exe[288] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 0017001D
.text C:\Windows\system32\svchost.exe[288] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 00170FE3
.text C:\Windows\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 00150F9E
.text C:\Windows\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00150025
.text C:\Windows\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00150FEF
.text C:\Windows\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00150040
.text C:\Windows\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 0015005B
.text C:\Windows\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 00150FD4
.text C:\Windows\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 0015000A
.text C:\Windows\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00150FC3
.text C:\Windows\system32\svchost.exe[288] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00160FEF
.text C:\Windows\system32\services.exe[712] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 00080FEF
.text C:\Windows\system32\services.exe[712] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 0008002F
.text C:\Windows\system32\services.exe[712] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 0008000A
.text C:\Windows\system32\services.exe[712] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 000700DA
.text C:\Windows\system32\services.exe[712] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 000700B5
.text C:\Windows\system32\services.exe[712] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 0007011A
.text C:\Windows\system32\services.exe[712] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00070F79
.text C:\Windows\system32\services.exe[712] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00070FB9
.text C:\Windows\system32\services.exe[712] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00070040
.text C:\Windows\system32\services.exe[712] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00070051
.text C:\Windows\system32\services.exe[712] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00070F8A
.text C:\Windows\system32\services.exe[712] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00070087
.text C:\Windows\system32\services.exe[712] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00070FE5
.text C:\Windows\system32\services.exe[712] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00070FD4
.text C:\Windows\system32\services.exe[712] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00070062
.text C:\Windows\system32\services.exe[712] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 000700A4
.text C:\Windows\system32\services.exe[712] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 0007012B
.text C:\Windows\system32\services.exe[712] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 0007001B
.text C:\Windows\system32\services.exe[712] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00070000
.text C:\Windows\system32\services.exe[712] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 000700F5
.text C:\Windows\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 00090040
.text C:\Windows\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00090FAF
.text C:\Windows\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00090000
.text C:\Windows\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00090F9E
.text C:\Windows\system32\services.exe[712] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00090F83
.text C:\Windows\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 00090FD1
.text C:\Windows\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 00090011
.text C:\Windows\system32\services.exe[712] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00090FC0
.text C:\Windows\system32\services.exe[712] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 001E0FBC
.text C:\Windows\system32\services.exe[712] msvcrt.dll!system 75E2804B 5 Bytes JMP 001E0047
.text C:\Windows\system32\services.exe[712] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 001E001B
.text C:\Windows\system32\services.exe[712] msvcrt.dll!_open 75E2D106 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\services.exe[712] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 001E0036
.text C:\Windows\system32\services.exe[712] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 001E0000
.text C:\Windows\system32\services.exe[712] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 000A0000
.text C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 00180FE5
.text C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 0018001B
.text C:\Windows\system32\lsass.exe[744] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 0018000A
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00170F35
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00170071
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00170F09
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 001700AA
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00170F7C
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 0017002C
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00170FE5
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00170F46
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00170F8D
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00170FB9
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00170F9E
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00170FD4
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00170F61
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 001700BB
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 0017001B
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00170000
.text C:\Windows\system32\lsass.exe[744] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00170F24
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 00190FB9
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00190040
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00190FEF
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00190051
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00190076
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 00190025
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 0019000A
.text C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00190FCA
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 00820FA3
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!system 75E2804B 5 Bytes JMP 00820FBE
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 0082002E
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_open 75E2D106 5 Bytes JMP 00820000
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 00820FCF
.text C:\Windows\system32\lsass.exe[744] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 00820011
.text C:\Windows\system32\lsass.exe[744] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00810FE5
.text C:\Windows\System32\svchost.exe[864] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 000C000A
.text C:\Windows\System32\svchost.exe[864] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 000C0FD4
.text C:\Windows\System32\svchost.exe[864] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 000C0FE5
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 000500C2
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00050F72
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00050F2B
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00050F46
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 0005006E
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 0005001B
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00050FD4
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00050F83
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 0005005D
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00050FA8
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00050040
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00050FC3
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00050093
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 000500DD
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00050FE5
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[864] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00050F57
.text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 00070025
.text C:\Windows\System32\svchost.exe[864] msvcrt.dll!system 75E2804B 5 Bytes JMP 00070FA4
.text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 00070FC6
.text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_open 75E2D106 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 00070FB5
.text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 00070FE3
.text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 00060F94
.text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00060FAF
.text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00060F83
.text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 00060025
.text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 00060014
.text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00060FD4
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 00630FEF
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 00630FC3
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 00630FD4
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 000C0F5E
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 000C00A4
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 000C0F21
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000C0F3C
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 000C007F
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 000C0FB9
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 000C0F79
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 000C006E
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 000C0036
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 000C0047
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 000C0025
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 000C0F8A
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 000C0F10
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 000C0F4D
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 0062005A
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!system 75E2804B 5 Bytes JMP 00620049
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 00620FE3
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_open 75E2D106 5 Bytes JMP 0062000C
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 00620038
.text C:\Windows\system32\svchost.exe[868] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 0062001D
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 000F0051
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 000F0FB9
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 000F0000
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 000F0040
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 000F0F9E
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 000F0FE5
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 000F001B
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 000F0FCA
.text C:\Windows\system32\svchost.exe[868] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00610000
.text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 00750FEF
.text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 00750FCD
.text C:\Windows\system32\svchost.exe[916] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 00750FDE
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 007400EB
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 007400DA
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 0074011A
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00740F79
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 007400AE
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00740FE5
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00740040
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00740FB9
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00740FCA
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 0074006C
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00740087
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00740051
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 007400C9
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 0074012B
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 0074001B
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00740000
.text C:\Windows\system32\svchost.exe[916] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00740F8A
.text C:\Windows\system32\svchost.exe[916] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 00E10FAD
.text C:\Windows\system32\svchost.exe[916] msvcrt.dll!system 75E2804B 5 Bytes JMP 00E10042
.text C:\Windows\system32\svchost.exe[916] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 00E10FE3
.text C:\Windows\system32\svchost.exe[916] msvcrt.dll!_open 75E2D106 5 Bytes JMP 00E1000C
.text C:\Windows\system32\svchost.exe[916] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 00E10FD2
.text C:\Windows\system32\svchost.exe[916] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 00E1001D
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 0076005B
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 0076002F
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00760040
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00760F9E
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 00760FD4
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 00760FE5
.text C:\Windows\system32\svchost.exe[916] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00760FC3
.text C:\Windows\system32\svchost.exe[916] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00E00000
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 0075000A
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 00750FCA
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 00750FE5
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00690080
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00690F44
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00690F04
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 0069009B
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00690F7A
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00690FCD
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 0069001E
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00690F55
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00690F97
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00690039
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00690054
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00690FB2
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00690065
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00690EF3
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00690FDE
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00690FEF
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00690F1F
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 00D50044
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!system 75E2804B 5 Bytes JMP 00D50033
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 00D50FDE
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_open 75E2D106 5 Bytes JMP 00D50FEF
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 00D50FCD
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 00D5000C
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 00D30FA1
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00D30039
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00D30FEF
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00D30FB2
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00D3005E
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 00D30014
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 00D30FDE
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00D30FC3
.text C:\Windows\system32\svchost.exe[980] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00D40000
.text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 019C0000
.text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 019C0036
.text C:\Windows\System32\svchost.exe[1108] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 019C001B
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00DB0F83
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00DB00C9
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00DB0F57
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00DB0F68
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00DB0FA8
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00DB0FDB
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00DB002C
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00DB00AE
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00DB0076
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00DB0FB9
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00DB0065
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00DB0FCA
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00DB0093
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00DB0F3C
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00DB001B
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00DB0000
.text C:\Windows\System32\svchost.exe[1108] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00DB00E4
.text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 01190027
.text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!system 75E2804B 5 Bytes JMP 01190F9C
.text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 0119000C
.text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_open 75E2D106 5 Bytes JMP 01190FEF
.text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 01190FC1
.text C:\Windows\System32\svchost.exe[1108] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 01190FD2
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 011A0F9E
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 011A0040
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 011A0000
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 011A0FAF
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 011A0065
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 011A0FEF
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 011A001B
.text C:\Windows\System32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 011A0FDE
.text C:\Windows\System32\svchost.exe[1108] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 008D000A
.text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 01520FEF
.text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 01520FCD
.text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 01520FDE
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 014C0F26
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 014C0F37
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 014C0F04
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 014C0F15
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 014C0047
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 014C0000
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 014C0FAF
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 014C0058
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 014C0036
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 014C0F94
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 014C0F79
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 014C001B
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 014C0F52
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 014C00B6
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 014C0FD4
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 014C0FE5
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 014C0091
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 01680FB7
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!system 75E2804B 5 Bytes JMP 01680038
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 0168000C
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_open 75E2D106 5 Bytes JMP 01680FEF
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 0168001D
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 01680FD2
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 01510F97
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 01510FC3
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 01510FEF
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 01510FA8
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 0151004A
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 01510FD4
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 0151000A
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 0151002F
.text C:\Windows\System32\svchost.exe[1132] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 01530000
.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 003F0000
.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 003F0025
.text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 003F0FEF
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 003D0F39
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 003D0F4A
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 003D0F0D
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 003D0F1E
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 003D0F76
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 003D0FDB
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 003D0FB6
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 003D0075
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 003D005A
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 003D0022
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 003D0033
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 003D0FA5
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 003D0F65
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 003D00BF
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 003D0011
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 003D0000
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 003D009A
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 012E0FBE
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!system 75E2804B 5 Bytes JMP 012E0049
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 012E002E
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_open 75E2D106 5 Bytes JMP 012E0000
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 012E0FD9
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 012E0011
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 003E0FB9
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 003E0FCA
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 003E0FEF
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 003E005B
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 003E0F9E
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 003E001B
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 003E000A
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 003E002C
.text C:\Windows\system32\svchost.exe[1144] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00400000
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 00640FE5
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 0064001B
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 00640000
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 004E0F34
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 004E007A
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 004E0F08
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 004E009F
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 004E0F7E
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 004E0011
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 004E0FC0
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 004E0F59
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 004E0058
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 004E0F9B
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 004E003D
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 004E002C
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 004E0069
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 004E00B0
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 004E0000
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 004E0FEF
.text C:\Windows\system32\svchost.exe[1216] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 004E0F23
.text C:\Windows\system32\svchost.exe[1216] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 00630058
.text C:\Windows\system32\svchost.exe[1216] msvcrt.dll!system 75E2804B 5 Bytes JMP 00630FCD
.text C:\Windows\system32\svchost.exe[1216] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 00630FDE
.text C:\Windows\system32\svchost.exe[1216] msvcrt.dll!_open 75E2D106 5 Bytes JMP 00630FEF
.text C:\Windows\system32\svchost.exe[1216] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 00630033
.text C:\Windows\system32\svchost.exe[1216] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 0063000C
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 00600040
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00600FB9
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00600FEF
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00600F9E
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00600051
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 00600FD4
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 0060000A
.text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00600025
.text C:\Windows\system32\svchost.exe[1216] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00620FE5
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 0049000A
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 0049002C
.text C:\Windows\system32\svchost.exe[1264] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 0049001B
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00070F4B
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00070091
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00070F15
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000700AC
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 0007005B
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00070FB9
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 0007000A
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00070076
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00070F81
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00070025
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00070040
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00070F9E
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00070F66
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00070F04
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00070FEF
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00070F3A
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 004E0FAD
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!system 75E2804B 5 Bytes JMP 004E0038
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 004E000C
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_open 75E2D106 5 Bytes JMP 004E0FEF
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 004E0027
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 004E0FD2
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 00470FC0
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00470051
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00470000
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00470062
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00470F9B
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 00470025
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 00470FEF
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00470040
.text C:\Windows\system32\svchost.exe[1264] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00480FEF
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 00D80000
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 00D80FE5
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 00D8001B
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 0058009B
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 0058008A
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00580F33
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 005800CA
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00580F81
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00580025
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00580036
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00580F55
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 0058005B
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00580FC3
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00580FA8
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00580FD4
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00580F66
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00580F18
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 0058000A
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00580FEF
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00580F44
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 00640F9A
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!system 75E2804B 5 Bytes JMP 00640FAB
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 00640011
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_open 75E2D106 5 Bytes JMP 00640FEF
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 00640FBC
.text C:\Windows\system32\svchost.exe[1348] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 00640000
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 00590FB9
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00590FCA
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 0059000A
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00590051
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00590076
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 0059001B
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 00590FEF
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00590036
.text C:\Windows\system32\svchost.exe[1348] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00630000
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenA 760B4E33 5 Bytes JMP 00660FEF
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlA 760BBFCE 5 Bytes JMP 00660000
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenW 760EC02E 5 Bytes JMP 00660FD4
.text C:\Windows\system32\svchost.exe[1348] WININET.dll!InternetOpenUrlW 7611D70A 5 Bytes JMP 00660FAF
.text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 005A0FEF
.text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 005A0FDE
.text C:\Windows\system32\svchost.exe[1500] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 005A000A
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00550F4B
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00550087
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 005500D8
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 005500C7
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00550F66
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00550FCA
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00550FAF
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 0055006C
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00550040
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00550F8D
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00550025
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00550F9E
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 0055005B
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 005500FD
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00550000
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00550FEF
.text C:\Windows\system32\svchost.exe[1500] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 005500AC
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 00590FB2
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!system 75E2804B 5 Bytes JMP 0059003D
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 00590FCD
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_open 75E2D106 5 Bytes JMP 00590FEF
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 00590022
.text C:\Windows\system32\svchost.exe[1500] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 00590FDE
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 0056007D
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00560051
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00560FE5
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00560062
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00560098
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 0056001B
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 0056000A
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00560036
.text C:\Windows\system32\svchost.exe[1500] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 0058000A
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 00FE0FEF
.text C:\Windows\system32\svchost.exe[1740] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 00FE001B
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00F10F37
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00F10087
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00F10F12
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00F100A9
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00F10062
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00F10FDB
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00F10FC0
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00F10F5C
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00F10051
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00F10FA5
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00F10F94
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00F1002C
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00F10F6D
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00F100CE
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00F10011
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00F10000
.text C:\Windows\system32\svchost.exe[1740] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00F10098
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_wsystem 75E27F2F 5 Bytes JMP 00FD0025
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!system 75E2804B 5 Bytes JMP 00FD0F9A
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_creat 75E2BBE1 5 Bytes JMP 00FD0FC6
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_open 75E2D106 5 Bytes JMP 00FD0FE3
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_wcreat 75E2D326 5 Bytes JMP 00FD0FAB
.text C:\Windows\system32\svchost.exe[1740] msvcrt.dll!_wopen 75E2D501 5 Bytes JMP 00FD0000
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 5 Bytes JMP 00F70069
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyA 75CF3BA9 5 Bytes JMP 00F70FC7
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyA 75CF89C7 5 Bytes JMP 00F70000
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyW 75D0391E 5 Bytes JMP 00F7004E
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegCreateKeyExW 75D041F1 5 Bytes JMP 00F70084
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyExA 75D07C42 5 Bytes JMP 00F7002C
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyW 75D0E2B5 5 Bytes JMP 00F7001B
.text C:\Windows\system32\svchost.exe[1740] ADVAPI32.dll!RegOpenKeyExW 75D17BA1 5 Bytes JMP 00F7003D
.text C:\Windows\system32\svchost.exe[1740] WS2_32.dll!socket 75DA36D1 5 Bytes JMP 00FC0000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2208] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 714E9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2208] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 714E9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\Explorer.EXE[2508] ntdll.dll!NtCreateFile 77474224 5 Bytes JMP 03570000
.text C:\Windows\Explorer.EXE[2508] ntdll.dll!NtCreateProcess 774742E4 5 Bytes JMP 03570FDB
.text C:\Windows\Explorer.EXE[2508] ntdll.dll!NtProtectVirtualMemory 77474B84 5 Bytes JMP 03570011
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 01CF0F30
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 01CF0F4B
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 01CF00C7
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 01CF00AC
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 01CF0F70
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 01CF0FEF
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 01CF0040
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 01CF0080
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 01CF0F8D
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 01CF0FB9
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 01CF0F9E
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 01CF0FD4
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 01CF006F
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 01CF00D8
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 01CF001B
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 01CF000A
.text C:\Windows\Explorer.EXE[2508] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 01CF009B
.text C:\Windows\Explorer.EXE[2508] ADVAPI32.dll!RegCreateKeyExA 75CF39AB 1 Byte [E9]

#11 Broni

Posted 16 September 2011 - 09:47 AM

All looks clean by now and your internet settings seem to be correct.

Let's try a couple of basic fixes...

Make sure your computer is set to obtain an IP address automatically.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
6. Click Obtain an IP Address Automatically, and then click OK.

If that doesn't work...
Turn off the computer. Disconnect the router and modem from the power source for 1 minute. At the same time, disconnect the ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass the router and connect the computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.



 


#12 ARKeng

Posted 16 September 2011 - 10:41 AM

Thanks for the help Broni. Unfortunately, still no luck.

Both of your cmd line series worked temporarily after reboot, but both times the internet abruptly shut down about 2 minutes after login again.

Thanks again. Any more ideas? I won't be able to try these as quickly - got to get to work.

#13 Broni

Posted 16 September 2011 - 01:20 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#14 ARKeng

Posted 17 September 2011 - 01:53 AM

TDSSKiller didn't find anything... Here are the contents of my TDSSKiller log:

2011/09/16 23:49:47.0844 2224 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/16 23:49:47.0876 2224 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/16 23:49:47.0922 2224 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/09/16 23:49:47.0954 2224 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/16 23:49:47.0985 2224 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/16 23:49:48.0016 2224 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/16 23:49:48.0063 2224 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/16 23:49:48.0125 2224 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/16 23:49:48.0203 2224 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/16 23:49:48.0281 2224 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/16 23:49:48.0344 2224 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/16 23:49:48.0406 2224 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/09/16 23:49:48.0468 2224 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/16 23:49:48.0500 2224 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/16 23:49:48.0546 2224 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/16 23:49:48.0609 2224 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/16 23:49:48.0671 2224 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/09/16 23:49:48.0718 2224 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/16 23:49:48.0780 2224 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/16 23:49:48.0812 2224 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/16 23:49:48.0858 2224 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/16 23:49:48.0921 2224 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/16 23:49:48.0952 2224 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/16 23:49:48.0983 2224 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/16 23:49:49.0014 2224 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/16 23:49:49.0046 2224 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/16 23:49:49.0170 2224 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/16 23:49:49.0233 2224 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/16 23:49:49.0264 2224 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/16 23:49:49.0342 2224 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/09/16 23:49:49.0358 2224 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
2011/09/16 23:49:49.0373 2224 Boot (0x1200) (c44e4fe2ed9fbb0b04119b0847bfe8e2) \Device\Harddisk0\DR0\Partition0
2011/09/16 23:49:49.0404 2224 Boot (0x1200) (aa163ab8b5d7faac4e0a492acf2aa92d) \Device\Harddisk0\DR0\Partition1
2011/09/16 23:49:49.0404 2224 Boot (0x1200) (c6e05d4f54e67c45556b446e42c8eba8) \Device\Harddisk1\DR1\Partition0
2011/09/16 23:49:49.0404 2224 ================================================================================
2011/09/16 23:49:49.0404 2224 Scan finished
2011/09/16 23:49:49.0404 2224 ================================================================================
2011/09/16 23:49:49.0420 4808 Detected object count: 0
2011/09/16 23:49:49.0420 4808 Actual detected object count: 0

#15 Broni


Posted 17 September 2011 - 10:53 AM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include the required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!
