
Hitman Pro detecting Proxy Server



#1 catstanley


Posted 05 November 2011 - 02:16 PM

Hi. We picked up a "find-help-fast.com" virus. Managed to get the redirections stopped with a combination of Malwarebytes, Hitman Pro, Spybot and SUPERAntiSpyware, but Hitman Pro is still detecting a proxy server. Looks like this still may be an issue. Running Microsoft XP Professional version 2002 w/service pack 3.

Any assistance you can provide will be greatly appreciated.


 


#2 Broni


Posted 05 November 2011 - 08:36 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 catstanley


Posted 06 November 2011 - 10:37 AM

Thanks so much for your quick reply.

Security Check Log:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
McAfee Security Scan Plus
McAfee SecurityCenter
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java DB 10.5.3.0
Java™ 6 Update 22
Java™ 6 Update 5
Java™ SE Development Kit 6 Update 20
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Cox Secure Online Backup for Windows vewatch.exe
``````````End of Log````````````

Minitool box Log:

MiniToolBox by Farbar
Ran by Cathy (administrator) on 06-11-2011 at 08:27:57
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 14238 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 5"

set address name="Local Area Connection 5" source=dhcp
set dns name="Local Area Connection 5" source=dhcp register=PRIMARY
set wins name="Local Area Connection 5" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : D6WGPTG1

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 5:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-1E-C9-4F-DE-EE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Sunday, November 06, 2011 7:54:34 AM

Lease Expires . . . . . . . . . . : Monday, November 07, 2011 7:54:34 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.64.105, 173.194.64.106, 173.194.64.147, 173.194.64.99
173.194.64.103, 173.194.64.104



Pinging google.com [173.194.64.99] with 32 bytes of data:



Reply from 173.194.64.99: bytes=32 time=51ms TTL=49

Reply from 173.194.64.99: bytes=32 time=64ms TTL=49



Ping statistics for 173.194.64.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 51ms, Maximum = 64ms, Average = 57ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 67.195.160.76, 72.30.2.43, 98.137.149.56, 98.139.180.149
209.191.122.70



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Reply from 98.139.180.149: bytes=32 time=93ms TTL=54

Reply from 98.139.180.149: bytes=32 time=85ms TTL=54



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 85ms, Maximum = 93ms, Average = 89ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e c9 4f de ee ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 10
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 10
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 10
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/05/2011 09:44:38 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:38 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:38 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:38 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (11/06/2011 07:54:52 AM) (Source: Service Control Manager) (User: )
Description: The X4HSX32 service failed to start due to the following error:
%%2

Error: (11/06/2011 07:54:52 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (11/05/2011 10:46:15 PM) (Source: Service Control Manager) (User: )
Description: The X4HSX32 service failed to start due to the following error:
%%2

Error: (11/05/2011 10:46:15 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (11/05/2011 09:43:37 AM) (Source: Service Control Manager) (User: )
Description: The X4HSX32 service failed to start due to the following error:
%%2

Error: (11/05/2011 09:43:37 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (11/05/2011 05:27:14 AM) (Source: Service Control Manager) (User: )
Description: The X4HSX32 service failed to start due to the following error:
%%2

Error: (11/05/2011 05:27:14 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (11/04/2011 07:49:33 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (11/04/2011 07:47:00 PM) (Source: Service Control Manager) (User: )
Description: The X4HSX32 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (11/05/2011 09:44:38 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:38 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:38 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:38 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (11/05/2011 09:44:02 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Advanced Audio FX Engine
Advanced Video FX Engine
Alien Swarm
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AutoUpdate (Version: 1.1)
Back to the Future The Game - Episode 1 (Version: 1.0.0.0)
Belarc Advisor 7.2
Bloody Good Time
BufferChm (Version: 82.0.173.000)
CCScore (Version: 7.00.0000.0001)
CDDRV_Installer (Version: 4.60)
Champions Online
Citrix Presentation Server Client (Version: 10.200.2650)
Complete Care Consumer Service Agreement (Version: 2.0.0)
Counter-Strike: Source
Counter-Strike: Source Beta
Cox Secure Online Backup for Windows (Version: 4.6.3619)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink 2D Creation Pack (Version: 2.0)
CyberLink PhotoNow (Version: 1.1.6904)
CyberLink PowerDirector (Version: 8.0.3022)
CyberLink Romance Pack Vol. 2 (Version: 2.0)
D4200 (Version: 82.0.201.000)
D4200_Help (Version: 82.0.201.000)
DataPilot (Version: 6.00.0000)
Dawn of War - Soulstorm (Version: 1.00.0000)
Dell DataSafe Online (Version: 1.0.21)
Dell Support Center (Version: 3.1.5907.12)
Dell System Restore (Version: 2.00.0000)
Dell Webcam Center
Dell Webcam Manager
DeviceManagementQFolder (Version: 1.00.0000)
DivX Codec (Version: 6.8.3)
DivX Converter (Version: 6.6.1)
DivX Player (Version: 6.8.2)
DivX Web Player (Version: 1.4.0)
dj_sf_ProductContext (Version: 82.0.201.000)
dj_sf_software (Version: 82.0.201.000)
dj_sf_software_req (Version: 82.0.201.000)
Documentation & Support Launcher (Version: 1.00.0000)
Download Manager 2.3.7 (Version: 2.3.7)
Dragon Age: Origins (Version: 1.00)
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.00.802 (Version: 01.13.00.8029)
ESET Online Scanner v3
ESSBrwr (Version: 8.00.0000.0001)
ESSCDBK (Version: 8.00.0000.0001)
ESScore (Version: 8.00.0000.0001)
ESSgui (Version: 8.00.0000.0001)
ESSini (Version: 8.00.0000.0001)
ESSPCD (Version: 7.01.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
eSupportQFolder (Version: 1.00.0000)
Flickr Uploadr 3.2.1
Games, Music, & Photos Launcher (Version: 1.00.0000)
GameTap Player
GameTap Web Player
Garry's Mod
GIMP 2.6.7
Google Chrome (Version: 15.0.874.106)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.79)
GoToAssist 8.0.0.514
Haali Media Splitter
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Hitman Pro 3.5 (Version: 3.5.9.131)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet 8.0 Software (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
Internet Service Offers Launcher (Version: 1.00.0000)
Java Auto Updater (Version: 2.0.2.4)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ SE Development Kit 6 Update 20 (Version: 1.6.0.200)
KhalInstallWrapper (Version: 4.60.122)
Kodak EasyShare software
LanUpdate (Version: 1.08.000)
Live! Cam Avatar Creator (Version: 4.5.3104.1)
Live! Cam Avatar v1.0 (Version: 1.0)
Logitech MouseWare 9.79.1
Logitech SetPoint (Version: 4.60)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 82.0.174.000)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee SecurityCenter (Version: 10.5.247)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliType Pro 6.1 (Version: 6.10.156.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
Mouse Suite for Desktop Computers (Version: 2.50.025)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
Mozilla Thunderbird (3.1.10) (Version: 3.1.10 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
NCsoft Launcher (Version: 1.5.7.0)
netbrdg (Version: 7.01.0000.0001)
Netflix Movie Viewer (Version: 1.2.211)
Netgear Update Assistant (Version: 1.08)
NVIDIA Drivers (Version: 1.3)
NVIDIA Performance (Version: 1.00.0000)
NVIDIA PhysX (Version: 9.10.0129)
NVIDIA System Monitor (Version: 1.00.0000)
OfotoXMI (Version: 7.02.0000.0001)
OpenOffice.org 3.1 (Version: 3.1.9420)
Origin (Version: 8.2.1.458)
OverDrive Media Console (Version: 3.2.5)
Pando Media Booster (Version: 2.3.5.1)
Picasa 3 (Version: 3.8)
Portal
PowerDVD (Version: 7.0)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 4.1.0.11)
PRS-500 USB driver (Version: 1.0.00.08110)
Puzzle Agent 2 (Version: 1.0.0.15)
QualXServ Service Agreement (Version: 2.0.0)
QuickTime (Version: 7.68.75.0)
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
ScrewDrivers Client v4 (Version: 4.1.07.30)
SearchAssist
Setup 1.0
SFR (Version: 7.01.0000.0003)
SHASTA (Version: 7.01.0000.0001)
skin0001 (Version: 8.00.0000.0001)
SKINXSDK (Version: 7.01.0000.0001)
SmartSound Quicktracks Plugin (Version: 3.0.3.0)
SolutionCenter (Version: 82.0.188.000)
SPORE™ (Version: 1.05.0001)
Spybot - Search & Destroy (Version: 1.6.2)
Star Wars Jedi Knight: Jedi Academy
staticcr (Version: 8.00.0000.0001)
Status (Version: 82.0.173.000)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1134)
Susteen Launcher (Version: 1.00.0000)
Synergy
Team Fortress 2
Tom Clancy's Rainbow Six Vegas 2 (Version: 1.03)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
TurboTax 2008
TurboTax 2008 waziper (Version: 008.000.0117)
TurboTax 2008 WinPerFedFormset (Version: 008.000.0338)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0218)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0190)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1000)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0428)
TurboTax 2008 wrapper (Version: 008.000.0065)
Unity Web Player (Version: 2.5.4b3_944)
UnloadSupport (Version: 1.00.0000)
USB-IrDA Adapter
VPRINTOL (Version: 7.01.0000.0001)
Warhammer 40,000: Dawn Of War - Platinum Edition (Version: 1.51)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 82.0.173.000)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) (Version: 08/08/2006 1.0.03.08080)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WIRELESS (Version: 7.02.0000.0001)
World of Warcraft (Version: 4.0.3.13329)

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 3069.4 MB
Available physical RAM: 2422.4 MB
Total Pagefile: 4954.56 MB
Available Pagefile: 4211.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:695.27 GB) (Free:396.45 GB) NTFS

========================= Users: ========================================

User accounts for \\D6WGPTG1

Administrator Cathy Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8096

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/6/2011 8:35:47 AM
mbam-log-2011-11-06 (08-35-47).txt

Scan type: Quick scan
Objects scanned: 188551
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER Report to follow.
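
Added example, not part of the original thread and not code from MiniToolBox or its author: a Python triage pass over a log in the MiniToolBox layout posted above, checking the places where a proxy or redirect can be configured (IE and Firefox proxy settings, Hosts entries mapped to non-loopback addresses, Winsock providers not attributed to Microsoft). `CLEAN_SAMPLE` is an excerpt of the log above; `SUSPECT_SAMPLE` is constructed, and the wording of its enabled-proxy lines and the `example_lsp.dll` entry are assumptions.

```python
import ipaddress
import re

# Section banners look like "===== IE Proxy Settings: =====".
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*:?\s*=+$")
FF_PREF_RE = re.compile(r'^"([^"]+)",\s*(.+)$')
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")

# The two lines the log on this page shows when no IE proxy is configured.
IE_CLEAN = {"Proxy is not enabled.", "No Proxy Server is set."}
# Firefox network.proxy.type: 1 = manual proxy, 2 = proxy auto-config URL.
FF_PROXY_ON = {"1", "2"}


def split_sections(log_text):
    """Map lower-cased section name -> list of non-empty lines in it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(log_text):
    """Return (kind, line) pairs worth a manual look; empty list if none."""
    sec = split_sections(log_text)
    findings = []
    for line in sec.get("ie proxy settings", []):
        if line not in IE_CLEAN:
            findings.append(("ie-proxy", line))
    for line in sec.get("ff proxy settings", []):
        pref = FF_PREF_RE.match(line)
        if (pref and pref.group(1) == "network.proxy.type"
                and pref.group(2).strip() in FF_PROXY_ON):
            findings.append(("ff-proxy", line))
    for line in sec.get("hosts content", []):
        fields = line.split()
        if len(fields) < 2 or line.startswith("#"):
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # summary text such as "There are N more lines ..."
        # Loopback and 0.0.0.0 entries are block lists; anything else redirects.
        if not (addr.is_loopback or addr.is_unspecified):
            findings.append(("hosts-redirect", line))
    for line in sec.get("winsock entries", []):
        entry = WINSOCK_RE.match(line)
        if entry and entry.group(4) != "Microsoft Corporation":
            findings.append(("winsock-provider", line))
    return findings


# Excerpt of the MiniToolBox log posted in this thread.
CLEAN_SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com

There are 14238 more lines starting with "127.0.0.1"

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
"""

# Constructed sample (not from the thread); enabled-proxy wording is assumed.
SUSPECT_SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080

========================= FF Proxy Settings: ==============================

"network.proxy.type", 1
"network.proxy.http", "127.0.0.1"
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.10 www.example.com

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\example_lsp.dll [12345] ()
"""

if __name__ == "__main__":
    for kind, line in triage(SUSPECT_SAMPLE):
        print(f"{kind:17} {line}")
```

The findings are prompts for manual review, not verdicts: legitimate security and networking products also register Winsock providers and local proxies.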

#4 catstanley


Posted 06 November 2011 - 07:24 PM

GMER Report:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-06 17:21:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port3Path0Target0Lun0 Hitachi_ rev.GK8O
Running: j3l2j46i.exe; Driver: C:\DOCUME~1\Cathy\LOCALS~1\Temp\ugdyapob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E4E210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E4E224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E4E250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E4E2A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E4E1FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E4E1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E4E1E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E4E23A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E4E27C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E4E266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9E4E2D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E4E2BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E4E290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B9E4E294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F15360, 0x3541AF, 0xE8000020]
init C:\WINDOWS\system32\Drivers\OEM05Afx.sys entry point in "init" section [0xA9036310]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA0C64300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA478300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[476] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[956] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E70000
.text C:\WINDOWS\Explorer.EXE[956] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E7002C
.text C:\WINDOWS\Explorer.EXE[956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E70011
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D30F79
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D30064
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D30F8A
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D30047
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D30FB6
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D300A4
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D30F5C
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D30F1C
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D30F2D
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D30F01
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D30FA5
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D30000
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D30089
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D30022
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D30011
.text C:\WINDOWS\Explorer.EXE[956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D300B5
.text C:\WINDOWS\Explorer.EXE[956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01540FA8
.text C:\WINDOWS\Explorer.EXE[956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0154001E
.text C:\WINDOWS\Explorer.EXE[956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01540FC3
.text C:\WINDOWS\Explorer.EXE[956] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01540FDE
.text C:\WINDOWS\Explorer.EXE[956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01540F61
.text C:\WINDOWS\Explorer.EXE[956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01540FEF
.text C:\WINDOWS\Explorer.EXE[956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01540F7C
.text C:\WINDOWS\Explorer.EXE[956] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [74, 89] {JZ 0xffffffffffffff8b}
.text C:\WINDOWS\Explorer.EXE[956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01540F8D
.text C:\WINDOWS\Explorer.EXE[956] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EA0F90
.text C:\WINDOWS\Explorer.EXE[956] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EA001B
.text C:\WINDOWS\Explorer.EXE[956] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EA0FC6
.text C:\WINDOWS\Explorer.EXE[956] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EA0000
.text C:\WINDOWS\Explorer.EXE[956] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EA0FAB
.text C:\WINDOWS\Explorer.EXE[956] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EA0FE3
.text C:\WINDOWS\Explorer.EXE[956] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00E8000A
.text C:\WINDOWS\Explorer.EXE[956] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\Explorer.EXE[956] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00E80FD4
.text C:\WINDOWS\Explorer.EXE[956] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00E80FB9
.text C:\WINDOWS\Explorer.EXE[956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E90FE5
.text C:\WINDOWS\system32\services.exe[1184] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0005000A
.text C:\WINDOWS\system32\services.exe[1184] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050036
.text C:\WINDOWS\system32\services.exe[1184] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00050025
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040089
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040078
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040051
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040040
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040FB9
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00040F63
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000400B5
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000400E1
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000400D0
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00040F37
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040F9E
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000400A4
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040025
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00040FDE
.text C:\WINDOWS\system32\services.exe[1184] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040F52
.text C:\WINDOWS\system32\services.exe[1184] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006C0FC0
.text C:\WINDOWS\system32\services.exe[1184] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006C0058
.text C:\WINDOWS\system32\services.exe[1184] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006C0011
.text C:\WINDOWS\system32\services.exe[1184] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006C0FDB
.text C:\WINDOWS\system32\services.exe[1184] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006C0047
.text C:\WINDOWS\system32\services.exe[1184] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006C0000
.text C:\WINDOWS\system32\services.exe[1184] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006C0FA5
.text C:\WINDOWS\system32\services.exe[1184] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8C, 88]
.text C:\WINDOWS\system32\services.exe[1184] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006C0022
.text C:\WINDOWS\system32\services.exe[1184] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070FB7
.text C:\WINDOWS\system32\services.exe[1184] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FD2
.text C:\WINDOWS\system32\services.exe[1184] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0007001D
.text C:\WINDOWS\system32\services.exe[1184] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070FE3
.text C:\WINDOWS\system32\services.exe[1184] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070042
.text C:\WINDOWS\system32\services.exe[1184] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1184] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C20025
.text C:\WINDOWS\system32\lsass.exe[1208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BD0098
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BD0FA3
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BD007D
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BD006C
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BD0FCA
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BD0F72
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BD00BA
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BD00FA
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BD00DF
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BD010B
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BD005B
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BD00A9
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BD0036
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\lsass.exe[1208] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BD0F61
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DD002C
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DD0062
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DD001B
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DD0FA5
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DD0FE5
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DD0FB6
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FD, 88]
.text C:\WINDOWS\system32\lsass.exe[1208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DD003D
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DC0FB9
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DC0044
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DC0029
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\system32\lsass.exe[1208] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DC0018
.text C:\WINDOWS\system32\lsass.exe[1208] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C6001B
.text C:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C60FE5
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C500D5
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C500BA
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C500A9
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50098
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C5006C
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C50FB9
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C50101
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C50141
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C50F9E
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C50F83
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C5007D
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C50025
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C500F0
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C50047
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C50036
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C5011C
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024A000A
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024A0036
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024A0FC3
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024A0FD4
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 024A0F79
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 024A0FE5
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 024A0F8A
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [6A, 8A] {PUSH -0x76}
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 024A001B
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80028
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80F93
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80FB5
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FA4
.text C:\WINDOWS\system32\svchost.exe[1384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80FD2
.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B60025
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B5007D
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B50062
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B50051
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B50F94
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B50FB9
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B50098
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B50F50
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B50F1A
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B50F35
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B50EFF
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B50040
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B50FE5
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B50F77
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B50025
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B50FD4
.text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B500A9
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD002C
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0073
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0FB6
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BD0058
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0047
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B80062
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B80FCD
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B80FDE
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B8000C
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B80033
.text C:\WINDOWS\system32\svchost.exe[1452] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1452] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70FE5
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A0FEF
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003A001B
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003A000A
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00390FE5
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00390F52
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00390051
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00390F77
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00390F94
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00390FB9
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00390F1A
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00390F2B
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003900A2
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00390087
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00390EE4
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00390040
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00390000
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00390062
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0039001B
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00390FCA
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00390F09
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00380011
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00380F79
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00380FC0
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00380FDB
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00380F94
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00380000
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0038002C
.text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00380FA5
.text C:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CE0F9C
.text C:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CE0027
.text C:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CE0FC1
.text C:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CE0FEF
.text C:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CE0016
.text C:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CE0FD2
.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 00370000
.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenW 3D95DB11 5 Bytes JMP 00370FE5
.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlA 3D95F3AC 5 Bytes JMP 00370025
.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetOpenUrlW 3D9A6D6F 5 Bytes JMP 00370FD4
.text C:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00820FEF
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00820F6D
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0082006C
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00820F92
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00820051
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00820FB9
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008200A9
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0082008E
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008200BA
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00820F21
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008200CB
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00820040
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0082007D
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00820FD4
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00820025
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00820F3C
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00810025
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00810069
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00810014
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00810FDE
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00810058
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00810FEF
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00810047
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00810036
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0F97
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E0FA8
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0FDE
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0FEF
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E0FC3
.text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E000C
.text C:\WINDOWS\System32\svchost.exe[1580] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 025E0000
.text C:\WINDOWS\System32\svchost.exe[1580] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 025E0011
.text C:\WINDOWS\System32\svchost.exe[1580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 025E0FE5
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025D0000
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025D0F63
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025D0058
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025D0047
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025D0F8A
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025D0022
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025D0F37
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025D0F48
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025D00A4
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025D0F0B
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025D0EF0
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025D0F9B
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025D0011
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025D0073
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025D0FC0
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025D0FD1
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025D0F26
.text C:\WINDOWS\System32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0266004A
.text C:\WINDOWS\System32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02660F9E
.text C:\WINDOWS\System32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02660FEF
.text C:\WINDOWS\System32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0266001B
.text C:\WINDOWS\System32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02660FAF
.text C:\WINDOWS\System32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0266000A
.text C:\WINDOWS\System32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02660FCA
.text C:\WINDOWS\System32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [86, 8A]
.text C:\WINDOWS\System32\svchost.exe[1580] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0266005B
.text C:\WINDOWS\System32\svchost.exe[1580] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02650FC8
.text C:\WINDOWS\System32\svchost.exe[1580] msvcrt.dll!system 77C293C7 5 Bytes JMP 02650053
.text C:\WINDOWS\System32\svchost.exe[1580] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02650FE3
.text C:\WINDOWS\System32\svchost.exe[1580] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02650000
.text C:\WINDOWS\System32\svchost.exe[1580] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02650038
.text C:\WINDOWS\System32\svchost.exe[1580] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0265001D
.text C:\WINDOWS\System32\svchost.exe[1580] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02600000
.text C:\WINDOWS\System32\svchost.exe[1580] WININET.dll!InternetOpenA 3D95D698 5 Bytes JMP 025F0000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[964] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[964] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#5 Broni

Posted 06 November 2011 - 07:47 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#6 catstanley

Posted 07 November 2011 - 10:36 PM

Thanks again for taking the time to look over all this stuff!

TDSSKiller Report:

20:34:27.0015 3288 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
20:34:27.0828 3288 ============================================================
20:34:27.0828 3288 Current date / time: 2011/11/07 20:34:27.0828
20:34:27.0828 3288 SystemInfo:
20:34:27.0828 3288
20:34:27.0828 3288 OS Version: 5.1.2600 ServicePack: 3.0
20:34:27.0828 3288 Product type: Workstation
20:34:27.0828 3288 ComputerName: D6WGPTG1
20:34:27.0828 3288 UserName: Cathy
20:34:27.0828 3288 Windows directory: C:\WINDOWS
20:34:27.0828 3288 System windows directory: C:\WINDOWS
20:34:27.0828 3288 Processor architecture: Intel x86
20:34:27.0828 3288 Number of processors: 4
20:34:27.0828 3288 Page size: 0x1000
20:34:27.0828 3288 Boot type: Normal boot
20:34:27.0828 3288 ============================================================
20:34:28.0171 3288 Initialize success
20:34:42.0625 0660 ============================================================
20:34:42.0625 0660 Scan started
20:34:42.0625 0660 Mode: Manual;
20:34:42.0625 0660 ============================================================
20:34:48.0531 0660 PCIIde - ok
20:34:48.0562 0660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:34:48.0562 0660 Pcmcia - ok
20:34:48.0578 0660 PDCOMP - ok
20:34:48.0578 0660 PDFRAME - ok
20:34:48.0593 0660 PDRELI - ok
20:34:48.0593 0660 PDRFRAME - ok
20:34:48.0625 0660 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:34:48.0625 0660 perc2 - ok
20:34:48.0671 0660 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:34:48.0671 0660 perc2hib - ok
20:34:48.0687 0660 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\WINDOWS\system32\DRIVERS\pmxmouse.sys
20:34:48.0687 0660 pmxmouse - ok
20:34:48.0718 0660 pmxusblf (1971e853b598bf9baabff2b652e5cd4d) C:\WINDOWS\system32\DRIVERS\pmxusblf.sys
20:34:48.0718 0660 pmxusblf - ok
20:34:48.0734 0660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:34:48.0750 0660 PptpMiniport - ok
20:34:48.0750 0660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:34:48.0750 0660 PSched - ok
20:34:48.0765 0660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:34:48.0765 0660 Ptilink - ok
20:34:48.0796 0660 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:34:48.0796 0660 PxHelp20 - ok
20:34:48.0812 0660 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:34:48.0828 0660 ql1080 - ok
20:34:48.0828 0660 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:34:48.0828 0660 Ql10wnt - ok
20:34:48.0843 0660 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:34:48.0843 0660 ql12160 - ok
20:34:48.0859 0660 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:34:48.0859 0660 ql1240 - ok
20:34:48.0875 0660 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:34:48.0875 0660 ql1280 - ok
20:34:48.0921 0660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:34:48.0921 0660 RasAcd - ok
20:34:48.0937 0660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:34:48.0937 0660 Rasl2tp - ok
20:34:48.0953 0660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:34:48.0953 0660 RasPppoe - ok
20:34:48.0953 0660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:34:48.0953 0660 Raspti - ok
20:34:48.0968 0660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:34:48.0968 0660 Rdbss - ok
20:34:48.0984 0660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:34:48.0984 0660 RDPCDD - ok
20:34:49.0000 0660 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:34:49.0000 0660 rdpdr - ok
20:34:49.0046 0660 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:34:49.0046 0660 RDPWD - ok
20:34:49.0093 0660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:34:49.0093 0660 redbook - ok
20:34:49.0125 0660 RLDesignVirtualAudioCableWdm (f5cd7457fa2f0d1078992ccb77a546c4) C:\WINDOWS\system32\DRIVERS\livecamv.sys
20:34:49.0125 0660 RLDesignVirtualAudioCableWdm - ok
20:34:49.0203 0660 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:34:49.0203 0660 SASDIFSV - ok
20:34:49.0203 0660 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:34:49.0203 0660 SASKUTIL - ok
20:34:49.0265 0660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:34:49.0265 0660 Secdrv - ok
20:34:49.0281 0660 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:34:49.0281 0660 serenum - ok
20:34:49.0312 0660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:34:49.0312 0660 Serial - ok
20:34:49.0375 0660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:34:49.0375 0660 Sfloppy - ok
20:34:49.0390 0660 Simbad - ok
20:34:49.0437 0660 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:34:49.0437 0660 sisagp - ok
20:34:49.0437 0660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:34:49.0453 0660 SLIP - ok
20:34:49.0453 0660 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:34:49.0468 0660 Sparrow - ok
20:34:49.0484 0660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:34:49.0484 0660 splitter - ok
20:34:49.0515 0660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:34:49.0515 0660 sr - ok
20:34:49.0531 0660 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:34:49.0531 0660 Srv - ok
20:34:49.0562 0660 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:34:49.0562 0660 streamip - ok
20:34:49.0593 0660 SUSTUCAM (9aa00e85c8ddc3da85f3e82344bd4520) C:\WINDOWS\system32\DRIVERS\sustucam.sys
20:34:49.0609 0660 SUSTUCAM - ok
20:34:49.0656 0660 SUSTUCAP (02c4276eac5a0ba4b1bcba082e057118) C:\WINDOWS\system32\DRIVERS\sustucap.sys
20:34:49.0656 0660 SUSTUCAP - ok
20:34:49.0671 0660 SUSTUCAU (7998cd274bf9c236c15370ce248bab6d) C:\WINDOWS\system32\DRIVERS\sustucau.sys
20:34:49.0671 0660 SUSTUCAU - ok
20:34:49.0703 0660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:34:49.0703 0660 swenum - ok
20:34:49.0734 0660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:34:49.0734 0660 swmidi - ok
20:34:49.0765 0660 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:34:49.0765 0660 symc810 - ok
20:34:49.0781 0660 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:34:49.0781 0660 symc8xx - ok
20:34:49.0796 0660 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:34:49.0796 0660 sym_hi - ok
20:34:49.0812 0660 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:34:49.0812 0660 sym_u3 - ok
20:34:49.0843 0660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:34:49.0843 0660 sysaudio - ok
20:34:49.0890 0660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:34:49.0890 0660 Tcpip - ok
20:34:49.0937 0660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:34:49.0937 0660 TDPIPE - ok
20:34:49.0953 0660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:34:49.0953 0660 TDTCP - ok
20:34:49.0984 0660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:34:49.0984 0660 TermDD - ok
20:34:50.0015 0660 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:34:50.0015 0660 TosIde - ok
20:34:50.0046 0660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:34:50.0046 0660 Udfs - ok
20:34:50.0062 0660 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:34:50.0062 0660 ultra - ok
20:34:50.0078 0660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:34:50.0078 0660 Update - ok
20:34:50.0109 0660 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:34:50.0109 0660 usbaudio - ok
20:34:50.0156 0660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:34:50.0156 0660 usbccgp - ok
20:34:50.0203 0660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:34:50.0203 0660 usbehci - ok
20:34:50.0218 0660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:34:50.0218 0660 usbhub - ok
20:34:50.0234 0660 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:34:50.0234 0660 usbohci - ok
20:34:50.0281 0660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:34:50.0281 0660 usbprint - ok
20:34:50.0312 0660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:34:50.0312 0660 usbscan - ok
20:34:50.0312 0660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:34:50.0328 0660 USBSTOR - ok
20:34:50.0343 0660 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:34:50.0343 0660 usbuhci - ok
20:34:50.0359 0660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:34:50.0375 0660 VgaSave - ok
20:34:50.0390 0660 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:34:50.0390 0660 viaagp - ok
20:34:50.0406 0660 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:34:50.0406 0660 ViaIde - ok
20:34:50.0437 0660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:34:50.0437 0660 VolSnap - ok
20:34:50.0453 0660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:34:50.0453 0660 Wanarp - ok
20:34:50.0515 0660 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:34:50.0515 0660 Wdf01000 - ok
20:34:50.0531 0660 WDICA - ok
20:34:50.0546 0660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:34:50.0546 0660 wdmaud - ok
20:34:50.0593 0660 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:34:50.0593 0660 WpdUsb - ok
20:34:50.0625 0660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:34:50.0625 0660 WSTCODEC - ok
20:34:50.0640 0660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:34:50.0640 0660 WudfPf - ok
20:34:50.0640 0660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:34:50.0656 0660 WudfRd - ok
20:34:50.0734 0660 X4HSX32 - ok
20:34:50.0765 0660 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys
20:34:50.0765 0660 xusb21 - ok
20:34:50.0765 0660 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
20:34:50.0781 0660 \Device\Harddisk0\DR0 - ok
20:34:50.0781 0660 Boot (0x1200) (4f2ad6024944fd85f006b480a69126ab) \Device\Harddisk0\DR0\Partition0
20:34:50.0781 0660 \Device\Harddisk0\DR0\Partition0 - ok
20:34:50.0781 0660 ============================================================
20:34:50.0781 0660 Scan finished
20:34:50.0781 0660 ============================================================
20:34:50.0781 1812 Detected object count: 0
20:34:50.0781 1812 Actual detected object count: 0

#7 Broni

Posted 07 November 2011 - 11:19 PM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

#8 catstanley

Posted 08 November 2011 - 10:18 PM

aswMBR Log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-08 19:40:23
-----------------------------
19:40:23.750 OS Version: Windows 5.1.2600 Service Pack 3
19:40:23.750 Number of processors: 4 586 0x1707
19:40:23.750 ComputerName: D6WGPTG1 UserName: Cathy
19:40:25.578 Initialize success
19:42:52.281 AVAST engine defs: 11110802
19:43:03.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port3Path0Target0Lun0
19:43:03.406 Disk 0 Vendor: Hitachi_ GK8O Size: 715404MB BusType: 8
19:43:03.406 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b9ead40e
19:43:03.421 Disk 0 MBR read successfully
19:43:03.421 Disk 0 MBR scan
19:43:03.453 Disk 0 unknown MBR code
19:43:03.453 Disk 0 scanning sectors +1465144065
19:43:03.546 Disk 0 scanning C:\WINDOWS\system32\drivers
19:43:17.421 Service scanning
19:43:18.734 Modules scanning
19:43:21.218 Disk 0 trace - called modules:
19:43:21.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
19:43:21.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae37818]
19:43:21.234 3 CLASSPNP.SYS[ba0c8fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8ae38920]
19:43:21.234 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port3Path0Target0Lun0[0x8ae38030]
19:43:22.890 AVAST engine scan C:\WINDOWS
19:43:50.328 AVAST engine scan C:\WINDOWS\system32
19:46:14.484 AVAST engine scan C:\WINDOWS\system32\drivers
19:46:31.734 AVAST engine scan C:\Documents and Settings\Cathy
20:07:49.156 AVAST engine scan C:\Documents and Settings\All Users
20:17:05.140 Scan finished successfully
20:17:24.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cathy\Desktop\MBR.dat"
20:17:24.921 The log file has been saved successfully to "C:\Documents and Settings\Cathy\Desktop\aswMBR.txt"

#9 Broni

Posted 08 November 2011 - 10:46 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include the required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

#10 catstanley

Posted 09 November 2011 - 11:47 PM

Thanks so much for your assistance. I will read the information you linked and post as suggested.



