Infected with Rootkit Trojan


  • This topic is locked
54 replies to this topic

#1 leelheureux20

leelheureux20

  • Members
  • 32 posts

Posted 05 December 2011 - 12:21 PM

Hello -

I was asked by a moderator to repost my issue with the logs. I followed the instructions, and below is what was requested.
I was attacked by a virus that tried to sell me fake virus protection software. I couldn't access any programs, but I followed the steps in a previous post, ran RKill, malaware, the ESET virus scanner, etc., and removed about 6 trojans.
However, ESET is unable to delete two viruses. The printout is below.
One of them, Sirefef, is puzzling me because I ran a tool to find it on my computer and it says it's not present. However, ESET keeps picking it up.
My computer will not allow me to turn a firewall on.
I've also used Defogger to disable as instructed.

Really in need of help. Really appreciate your time.

ESET log
C:\Windows\System32\drivers\cdrom.sys a variant of Win32/Rootkit.Kryptik.FW trojan unable to clean
Operating memory a variant of Win32/Sirefef.DN trojan


DDS log


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Lee L'Heureux at 7:32:55 on 2011-12-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3536.1985 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8f542503f95f21b\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Common Files\aol\1279558636\ee\aolsoftware.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111112140720.dll
BHO: {89867A4A-BDEE-4259-964A-B8E87C4892F3} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EF91116F-DE92-4286-9087-093085152182} - No File
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [HostManager] c:\program files\common files\aol\1279558636\ee\AOLSoftware.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: bmnet.dll
LSP: mswsock.dll
Trusted Zone: afstereo.com\aircheck
Trusted Zone: aircheck.net.au\www
Trusted Zone: aircheckindia.com\www
Trusted Zone: mediamonitors.com\www
Trusted Zone: mediamonitors.com.my\www
Trusted Zone: mediamonitors.eu\www
Trusted Zone: mediamonitorsuk.com\www
Trusted Zone: mscore.com\www
DPF: bdsripcab - hxxps://media.bdsrealtime.com/components/bdsripcab.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: Interfaces\{6EC9FBE3-76E5-413D-8C92-21487AAF3120} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{6EC9FBE3-76E5-413D-8C92-21487AAF3120}\2594550284F64756C60275966496 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{6EC9FBE3-76E5-413D-8C92-21487AAF3120}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
TCP: Interfaces\{6EC9FBE3-76E5-413D-8C92-21487AAF3120}\86F6D656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6EC9FBE3-76E5-413D-8C92-21487AAF3120}\D41696E656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A2572BAF-DF94-4CF7-AB91-5D0D8EA82A79} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A7E4DA0A-886E-4518-A3E3-978A0A0E1A89} : NameServer = 209.183.35.23 209.183.33.23
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lee l'heureux\appdata\roaming\mozilla\firefox\profiles\0qd3002e.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - about:blank|hxxp://www.cnn.com/|http://espn.go.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\lee l'heureux\appdata\roaming\move networks\plugins\npqmp071505000011.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 464176]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-28 165680]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-28 64880]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-18 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-18 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-18 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-28 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-28 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-28 150856]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-23 29472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-10-23 143968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-10-23 33832]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2009-10-23 221912]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-23 122368]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-28 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-28 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-28 338176]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-23 4231680]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-6-3 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-18 277440]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-18 214904]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-28 57600]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2009-10-23 134144]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-28 87656]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-23 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-10-23 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-10-23 38400]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-8-12 222720]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-7-22 148992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]
S4 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-7-27 121416]
S4 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2010-7-27 125512]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-12-05 03:19:43 -------- d-----w- c:\program files\ESET
2011-12-04 18:28:26 294400 ----a-w- c:\users\lee l'heureux\appdata\local\pdl.exe
2011-12-02 15:13:32 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4c14d4a-7b2b-42bb-a8bf-46a12146546d}\mpengine.dll
2011-11-30 00:31:17 -------- d-----w- c:\program files\YouTubeCMSUploader 1.5.0
2011-11-26 22:42:30 -------- d-----w- c:\users\lee l'heureux\appdata\local\Ilivid Player
2011-11-26 22:40:49 -------- d-----w- c:\program files\iLivid
2011-11-26 22:39:53 -------- d-----w- c:\users\lee l'heureux\appdata\local\PackageAware
2011-11-09 17:52:52 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 17:52:50 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 17:52:49 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 22:20:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-08 22:20:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-08 22:20:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-08 22:20:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-08 22:20:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-08 22:20:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-08 22:20:04 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-11-02 02:54:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 19:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 18:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 18:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 18:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 18:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 18:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
============= FINISH: 7:38:42.21 ===============

ark.txt

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-05 11:58:32
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 rev.
Running: 4qtj77rc.exe; Driver: C:\Users\LEEL'H~1\AppData\Local\Temp\afldqaow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8CDA2498]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8CDA24C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8CDA24AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8CDA2484]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8347C5C5 5 Bytes JMP 8CDA2488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKey + 13D1 8348E349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!NtMapViewOfSection 8369743A 7 Bytes JMP 8CDA249C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 836ABA65 5 Bytes JMP 8CDA24C6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 836B56E2 5 Bytes JMP 8CDA24B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text cdrom.sys 92720000 257 Bytes [90, 90, 90, 90, 90, FF, 25, ...]
.text cdrom.sys 92720103 307 Bytes [66, 39, 48, 34, 74, 55, FF, ...]
.text cdrom.sys 92720237 3 Bytes CALL 92725E30 \SystemRoot\system32\drivers\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation)
.text cdrom.sys 9272023C 27 Bytes [80, 7D, 0F, 00, 74, 27, FF, ...]
.text cdrom.sys 92720258 52 Bytes [00, 6A, 00, 68, 22, 00, 00, ...]
.text ...
? C:\Windows\system32\drivers\cdrom.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[216] kernel32.dll!LoadLibraryA 7571DC65 5 Bytes JMP 6D2799A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[216] kernel32.dll!LoadLibraryW 7571EF42 5 Bytes JMP 6D279A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\services.exe[600] ntdll.dll!NtCreateFile 772755C8 5 Bytes JMP 00CA0FE5
.text C:\Windows\system32\services.exe[600] ntdll.dll!NtCreateProcess 77275698 5 Bytes JMP 00CA0FAF
.text C:\Windows\system32\services.exe[600] ntdll.dll!NtProtectVirtualMemory 77275F18 5 Bytes JMP 00CA0FCA
.text C:\Windows\system32\services.exe[600] kernel32.dll!GetStartupInfoA 756D1E10 5 Bytes JMP 00CB0F3C
.text C:\Windows\system32\services.exe[600] kernel32.dll!CreateProcessW 756D204D 5 Bytes JMP 00CB009B
.text C:\Windows\system32\services.exe[600] kernel32.dll!CreateProcessA 756D2082 5 Bytes JMP 00CB0F06
.text C:\Windows\system32\services.exe[600] kernel32.dll!CreateNamedPipeW 75702D47 5 Bytes JMP 00CB0014
.text C:\Windows\system32\services.exe[600] kernel32.dll!VirtualProtect 75712BCD 5 Bytes JMP 00CB0054
.text C:\Windows\system32\services.exe[600] kernel32.dll!LoadLibraryExA 75714466 5 Bytes JMP 00CB0F97
.text C:\Windows\system32\services.exe[600] kernel32.dll!LoadLibraryExW 75715079 5 Bytes JMP 00CB0F7C
.text C:\Windows\system32\services.exe[600] kernel32.dll!GetProcAddress 7571CC94 5 Bytes JMP 00CB0EEB
.text C:\Windows\system32\services.exe[600] kernel32.dll!LoadLibraryA 7571DC65 5 Bytes JMP 00CB0025
.text C:\Windows\system32\services.exe[600] kernel32.dll!GetStartupInfoW 7571E2DD 5 Bytes JMP 00CB0F2B
.text C:\Windows\system32\services.exe[600] kernel32.dll!CreateFileW 7571E8A5 5 Bytes JMP 00CB0FD4
.text C:\Windows\system32\services.exe[600] kernel32.dll!CreateFileA 7571EA61 5 Bytes JMP 00CB0FEF
.text C:\Windows\system32\services.exe[600] kernel32.dll!LoadLibraryW 7571EF42 5 Bytes JMP 00CB0FA8
.text C:\Windows\system32\services.exe[600] kernel32.dll!CreatePipe 757312A6 5 Bytes JMP 00CB0F57
.text C:\Windows\system32\services.exe[600] kernel32.dll!CreateNamedPipeA 7575DBA8 5 Bytes JMP 00CB0FC3
.text C:\Windows\system32\services.exe[600] kernel32.dll!WinExec 7575EDB2 5 Bytes JMP 00CB0080
.text C:\Windows\system32\services.exe[600] kernel32.dll!VirtualProtectEx 7575FD51 5 Bytes JMP 00CB0065
.text C:\Windows\system32\services.exe[600] msvcrt.dll!_open 76177E48 5 Bytes JMP 00D20000
.text C:\Windows\system32\services.exe[600] msvcrt.dll!_wsystem 761AB04F 5 Bytes JMP 00D20044
.text C:\Windows\system32\services.exe[600] msvcrt.dll!system 761AB16F 5 Bytes JMP 00D20FB9
.text C:\Windows\system32\services.exe[600] msvcrt.dll!_creat 761AED29 5 Bytes JMP 00D20FDE
.text C:\Windows\system32\services.exe[600] msvcrt.dll!_wcreat 761B038E 5 Bytes JMP 00D20029
.text C:\Windows\system32\services.exe[600] msvcrt.dll!_wopen 761B0570 5 Bytes JMP 00D20FEF
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!RegOpenKeyA 75D6CC15 5 Bytes JMP 00D10FE5
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!RegCreateKeyA 75D6CD01 5 Bytes JMP 00D1001B
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!RegCreateKeyExA 75D71469 5 Bytes JMP 00D10036
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!RegCreateKeyW 75D71514 5 Bytes JMP 00D10F9E
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!RegOpenKeyW 75D72459 5 Bytes JMP 00D10FD4
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!RegCreateKeyExW 75D740FE 5 Bytes JMP 00D10051
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!RegOpenKeyExW 75D7468D 5 Bytes JMP 00D1000A
.text C:\Windows\system32\services.exe[600] ADVAPI32.dll!RegOpenKeyExA 75D74907 5 Bytes JMP 00D10FC3
.text C:\Windows\system32\services.exe[600] WS2_32.dll!socket 758A3EB8 5 Bytes JMP 00D00FE5
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtCreateFile 772755C8 5 Bytes JMP 00FE000A
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtCreateProcess 77275698 5 Bytes JMP 00FE0FDB
.text C:\Windows\system32\lsass.exe[616] ntdll.dll!NtProtectVirtualMemory 77275F18 5 Bytes JMP 00FE001B
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!GetStartupInfoA 756D1E10 5 Bytes JMP 010200A2
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!CreateProcessW 756D204D 5 Bytes JMP 01020F2F
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!CreateProcessA 756D2082 5 Bytes JMP 010200CE
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!CreateNamedPipeW 75702D47 5 Bytes JMP 01020FC0
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!VirtualProtect 75712BCD 5 Bytes JMP 01020076
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!LoadLibraryExA 75714466 5 Bytes JMP 01020051
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!LoadLibraryExW 75715079 5 Bytes JMP 01020F94
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!GetProcAddress 7571CC94 5 Bytes JMP 01020F14
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!LoadLibraryA 7571DC65 5 Bytes JMP 0102002C
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!GetStartupInfoW 7571E2DD 5 Bytes JMP 01020F5E
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!CreateFileW 7571E8A5 5 Bytes JMP 01020011
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!CreateFileA 7571EA61 5 Bytes JMP 01020000
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!LoadLibraryW 7571EF42 5 Bytes JMP 01020FA5
.text C:\Windows\system32\lsass.exe[616] kernel32.dll!CreatePipe 757312A6 5 Bytes JMP 01020F79
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyW 75D72459 5 Bytes JMP 00AA000A
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExW 75D740FE 5 Bytes JMP 00AA0087
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExW 75D7468D 5 Bytes JMP 00AA0FD4
.text C:\Windows\system32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExA 75D74907 5 Bytes JMP 00AA002F
.text C:\Windows\system32\svchost.exe[1884] WS2_32.dll!socket 758A3EB8 5 Bytes JMP 00A50000
.text C:\Windows\Explorer.EXE[3144] ntdll.dll!NtCreateFile 772755C8 5 Bytes JMP 00040FEF
.text C:\Windows\Explorer.EXE[3144] ntdll.dll!NtCreateProcess 77275698 5 Bytes JMP 00040FD4
.text C:\Windows\Explorer.EXE[3144] ntdll.dll!NtProtectVirtualMemory 77275F18 5 Bytes JMP 0004000A
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!GetStartupInfoA 756D1E10 5 Bytes JMP 0001008A
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!CreateProcessW 756D204D 5 Bytes JMP 00010F46
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!CreateProcessA 756D2082 5 Bytes JMP 000100DB
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!CreateNamedPipeW 75702D47 5 Bytes JMP 00010028
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!VirtualProtect 75712BCD 5 Bytes JMP 00010F97
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!LoadLibraryExA 75714466 5 Bytes JMP 0001005E
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!LoadLibraryExW 75715079 5 Bytes JMP 0001006F
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!GetProcAddress 7571CC94 5 Bytes JMP 000100F6
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!LoadLibraryA 7571DC65 5 Bytes JMP 00010FBC
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!GetStartupInfoW 7571E2DD 5 Bytes JMP 000100A5
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!CreateFileW 7571E8A5 5 Bytes JMP 00010FDE
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!CreateFileA 7571EA61 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!LoadLibraryW 7571EF42 5 Bytes JMP 00010043
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!CreatePipe 757312A6 5 Bytes JMP 00010F61
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!CreateNamedPipeA 7575DBA8 3 Bytes JMP 00010FCD
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!CreateNamedPipeA + 4 7575DBAC 1 Byte [8A]
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!WinExec 7575EDB2 3 Bytes JMP 000100CA
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!WinExec + 4 7575EDB6 1 Byte [8A]
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!VirtualProtectEx 7575FD51 3 Bytes JMP 00010F7C
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!VirtualProtectEx + 4 7575FD55 1 Byte [8A]
.text C:\Windows\Explorer.EXE[3144] ADVAPI32.dll!RegOpenKeyA 75D6CC15 5 Bytes JMP 0007000A
.text C:\Windows\Explorer.EXE[3144] ADVAPI32.dll!RegCreateKeyA 75D6CD01 5 Bytes JMP 00070FB9
.text C:\Windows\Explorer.EXE[3144] ADVAPI32.dll!RegCreateKeyExA 75D71469 5 Bytes JMP 00070FA8
.text C:\Windows\Explorer.EXE[3144] ADVAPI32.dll!RegCreateKeyW 75D71514 5 Bytes JMP 0007004A
.text C:\Windows\Explorer.EXE[3144] ADVAPI32.dll!RegOpenKeyW 75D72459 5 Bytes JMP 00070FEF
.text C:\Windows\Explorer.EXE[3144] ADVAPI32.dll!RegCreateKeyExW 75D740FE 5 Bytes JMP 00070065
.text C:\Windows\Explorer.EXE[3144] ADVAPI32.dll!RegOpenKeyExW 75D7468D 5 Bytes JMP 00070025
.text C:\Windows\Explorer.EXE[3144] ADVAPI32.dll!RegOpenKeyExA 75D74907 5 Bytes JMP 00070FD4
.text C:\Windows\Explorer.EXE[3144] msvcrt.dll!_open 76177E48 5 Bytes JMP 0008000C
.text C:\Windows\Explorer.EXE[3144] msvcrt.dll!_wsystem 761AB04F 5 Bytes JMP 00080FA6
.text C:\Windows\Explorer.EXE[3144] msvcrt.dll!system 761AB16F 5 Bytes JMP 00080031
.text C:\Windows\Explorer.EXE[3144] msvcrt.dll!_creat 761AED29 5 Bytes JMP 00080FD2
.text C:\Windows\Explorer.EXE[3144] msvcrt.dll!_wcreat 761B038E 5 Bytes JMP 00080FC1
.text C:\Windows\Explorer.EXE[3144] msvcrt.dll!_wopen 761B0570 5 Bytes JMP 00080FE3
.text C:\Windows\Explorer.EXE[3144] WININET.dll!InternetOpenA 75B54E33 5 Bytes JMP 03B20FE5
.text C:\Windows\Explorer.EXE[3144] WININET.dll!InternetOpenUrlA 75B5BFCE 5 Bytes JMP 03B2001B
.text C:\Windows\Explorer.EXE[3144] WININET.dll!InternetOpenW 75B8C02E 5 Bytes JMP 03B20000
.text C:\Windows\Explorer.EXE[3144] WININET.dll!InternetOpenUrlW 75BBD70A 5 Bytes JMP 03B20FD4
.text C:\Windows\Explorer.EXE[3144] WS2_32.dll!socket 758A3EB8 5 Bytes JMP 03420000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

Device \Driver\ACPI_HAL \Device\00000062 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 92707000-9271F000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a041d6a1f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a041d6a1f (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\RAC\Temp\sql4F48.tmp 20480 bytes
File C:\ProgramData\Microsoft\RAC\Temp\sql4F58.tmp 20480 bytes
File C:\Windows\$NtUninstallKB50482$\221628423 0 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\@ 2048 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\cfg.ini 40 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\L 0 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\L\xadqgnnk 108544 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\U 0 bytes
File C:\Windows\$NtUninstallKB50482$\2316928341 0 bytes

---- EOF - GMER 1.0.15 ----
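The GMER `.text` hook records and the Files listing above can be triaged mechanically; the following Python is an added example, not part of the original post or of GMER, and it runs on a constructed excerpt of the log in the same format. The function names and the `$NtUninstall` grouping heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the GMER log above (a few hook records
# and the Files section); a full GMER log parses the same way.
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[1884] ntdll.dll!NtCreateFile 772755C8 5 Bytes JMP 00A40000
.text C:\Windows\system32\svchost.exe[1884] kernel32.dll!CreateProcessW 756D204D 5 Bytes JMP 009F014B
.text C:\Windows\system32\svchost.exe[1884] WS2_32.dll!socket 758A3EB8 5 Bytes JMP 00A50000
.text C:\Windows\Explorer.EXE[3144] ntdll.dll!NtCreateFile 772755C8 5 Bytes JMP 00040FEF
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!CreateProcessW 756D204D 5 Bytes JMP 00010F46
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!WinExec 7575EDB2 3 Bytes JMP 000100CA
.text C:\Windows\Explorer.EXE[3144] kernel32.dll!WinExec + 4 7575EDB6 1 Byte [8A]
.text C:\Windows\Explorer.EXE[3144] WININET.dll!InternetOpenA 75B54E33 5 Bytes JMP 03B20FE5
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\RAC\Temp\sql4F48.tmp 20480 bytes
File C:\Windows\$NtUninstallKB50482$\221628423 0 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\@ 2048 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\L 0 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\L\xadqgnnk 108544 bytes
File C:\Windows\$NtUninstallKB50482$\221628423\U 0 bytes
"""

# .text <process>[<pid>] <module>!<func>[ + <off>] <addr> <n> Byte(s) JMP <target> | [<bytes>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)(?:\s+\+\s+(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|\[[0-9A-Fa-f ,]+\])"
)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes$")

def parse_gmer(text):
    """Return (hooks, files); every other line of the log is ignored."""
    hooks, files = [], []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            hooks.append({
                "proc": d["proc"].rsplit("\\", 1)[-1],  # image name only
                "pid": int(d["pid"]),
                "module": d["module"],
                "api": f"{d['module']}!{d['func']}",
                "offset": int(d["off"] or 0),  # non-zero for '+ 4' records
                "nbytes": int(d["n"]),
                "target": int(d["target"], 16) if d["target"] else None,
            })
            continue
        m = FILE_RE.match(line.strip())
        if m:
            files.append((m.group("path"), int(m.group("size"))))
    return hooks, files

def hooks_by_process(hooks):
    """'image[pid]' -> sorted hooked APIs (first record of each patch only)."""
    out = defaultdict(set)
    for h in hooks:
        if h["offset"] == 0:
            out[f"{h['proc']}[{h['pid']}]"].add(h["api"])
    return {k: sorted(v) for k, v in out.items()}

def common_hooks(hooks):
    """APIs hooked in every listed process: one component injected everywhere."""
    per_proc = hooks_by_process(hooks)
    return sorted(set.intersection(*map(set, per_proc.values()))) if per_proc else []

def split_patches(hooks):
    """Patches GMER reported in pieces ('3 Bytes JMP' plus '+ 4 ... 1 Byte'):
    (pid, api) -> total span, which still adds up to the 5 bytes of a near JMP."""
    recs = defaultdict(list)
    for h in hooks:
        recs[(h["pid"], h["api"])].append(h)
    return {k: max(r["offset"] + r["nbytes"] for r in v) - min(r["offset"] for r in v)
            for k, v in recs.items() if len(v) > 1}

def trampoline_regions(hooks):
    """('image[pid]', module) -> 64 KiB regions the JMP targets land in; in the
    log above every hook on one module jumps into a single region (one code blob)."""
    out = defaultdict(set)
    for h in hooks:
        if h["target"] is not None:
            out[(f"{h['proc']}[{h['pid']}]", h["module"])].add(h["target"] >> 16)
    return {k: sorted(v) for k, v in out.items()}

def nt_uninstall_dirs(files):
    """Heuristic grouping of entries directly under '$NtUninstall...$\\<digits>\\'."""
    out = defaultdict(set)
    for path, _ in files:
        m = re.search(r"\\(\$NtUninstall[^\\]*\$)\\(\d+)\\([^\\]+)", path)
        if m:
            out[(m.group(1), m.group(2))].add(m.group(3))
    return {k: sorted(v) for k, v in out.items()}

if __name__ == "__main__":
    hooks, files = parse_gmer(SAMPLE_LOG)
    print("hooked APIs per process:", hooks_by_process(hooks))
    print("hooked in every process:", common_hooks(hooks))
    print("patches reported in pieces:", split_patches(hooks))
    print("trampoline regions:", trampoline_regions(hooks))
    print("$NtUninstall* entries:", nt_uninstall_dirs(files))
```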


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 December 2011 - 01:14 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 leelheureux20 (Topic Starter)

Posted 08 December 2011 - 09:49 AM

Hi Gringo

Thank you for taking your time to look.
I'm having a hard time getting Combofix to complete its scan.
I restarted the computer and it said it couldn't find a file and then started the scan again but has been at it for some time.

Any suggestions?
Thanks

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 December 2011 - 10:06 AM

Let it run for 30 more minutes; if nothing happens, come back and let me know.


gringo

#5 leelheureux20 (Topic Starter)

Posted 08 December 2011 - 11:22 AM

OK - I restarted the computer and it is rerunning.
The file it says is missing is NIRKMAD.
I'll be back shortly.
Thanks

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 December 2011 - 11:30 AM

:thumbup2:

#7 leelheureux20 (Topic Starter)

Posted 08 December 2011 - 02:25 PM

Hi - Unfortunately it never completed.
Is it possible it's not working properly?
Any suggestions are def welcome.
Thank you

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 December 2011 - 04:28 PM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#9 leelheureux20 (Topic Starter)

Posted 08 December 2011 - 07:13 PM

Currently scanning in safe mode.
It's saying also that my recycle bin is corrupted.

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 December 2011 - 07:38 PM

OK, let me know when it finishes.

#11 leelheureux20 (Topic Starter)

Posted 08 December 2011 - 10:10 PM

Hi Gringo, I'm sorry to report I'm over 2 hours into scanning in Safe Mode.
Should it be longer than this?

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 December 2011 - 10:33 PM

Hello

If you can see that it is progressing, then leave it.

If it seems to be doing nothing, then stop it and run this.

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#13 leelheureux20 (Topic Starter)

Posted 08 December 2011 - 10:36 PM

I'm going to run the new program.
Combo doesn't seem to be progressing. It still says it takes 10 minutes.

#14 leelheureux20 (Topic Starter)

Posted 08 December 2011 - 10:52 PM

Thank you, this program worked.


22:41:25.0682 4056 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
22:41:25.0806 4056 ============================================================
22:41:25.0806 4056 Current date / time: 2011/12/08 22:41:25.0806
22:41:25.0806 4056 SystemInfo:
22:41:25.0806 4056
22:41:25.0806 4056 OS Version: 6.1.7601 ServicePack: 1.0
22:41:25.0806 4056 Product type: Workstation
22:41:25.0806 4056 ComputerName: LEELHEUREUX-PC
22:41:25.0806 4056 UserName: Lee L'Heureux
22:41:25.0806 4056 Windows directory: C:\Windows
22:41:25.0806 4056 System windows directory: C:\Windows
22:41:25.0806 4056 Processor architecture: Intel x86
22:41:25.0806 4056 Number of processors: 2
22:41:25.0806 4056 Page size: 0x1000
22:41:25.0806 4056 Boot type: Normal boot
22:41:25.0806 4056 ============================================================
22:41:27.0148 4056 Initialize success
22:41:47.0740 4308 ============================================================
22:41:47.0740 4308 Scan started
22:41:47.0740 4308 Mode: Manual;
22:41:47.0740 4308 ============================================================
22:41:48.0380 4308 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:41:48.0380 4308 1394ohci - ok
22:41:48.0582 4308 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:41:48.0582 4308 ACPI - ok
22:41:48.0707 4308 acpials (79d6b28027c398b728ce7cd0570248b0) C:\Windows\system32\DRIVERS\acpials.sys
22:41:48.0723 4308 acpials - ok
22:41:48.0879 4308 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:41:48.0910 4308 AcpiPmi - ok
22:41:49.0128 4308 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:41:49.0175 4308 adp94xx - ok
22:41:49.0362 4308 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:41:49.0378 4308 adpahci - ok
22:41:49.0518 4308 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:41:49.0565 4308 adpu320 - ok
22:41:49.0752 4308 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:41:49.0784 4308 AFD - ok
22:41:50.0002 4308 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:41:50.0018 4308 agp440 - ok
22:41:50.0267 4308 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:41:50.0283 4308 aic78xx - ok
22:41:50.0610 4308 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:41:50.0642 4308 aliide - ok
22:41:50.0860 4308 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:41:50.0891 4308 amdagp - ok
22:41:51.0094 4308 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:41:51.0125 4308 amdide - ok
22:41:51.0328 4308 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:41:51.0344 4308 AmdK8 - ok
22:41:51.0546 4308 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:41:51.0562 4308 AmdPPM - ok
22:41:51.0796 4308 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:41:51.0827 4308 amdsata - ok
22:41:51.0968 4308 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:41:52.0014 4308 amdsbs - ok
22:41:52.0217 4308 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:41:52.0248 4308 amdxata - ok
22:41:52.0482 4308 ApfiltrService (f45f2965c43cecfbd04b0d1674643522) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:41:52.0529 4308 ApfiltrService - ok
22:41:52.0716 4308 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:41:52.0732 4308 AppID - ok
22:41:52.0919 4308 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:41:52.0950 4308 arc - ok
22:41:53.0122 4308 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:41:53.0169 4308 arcsas - ok
22:41:53.0356 4308 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:41:53.0372 4308 AsyncMac - ok
22:41:53.0574 4308 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:41:53.0668 4308 atapi - ok
22:41:53.0949 4308 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:41:53.0996 4308 b06bdrv - ok
22:41:54.0198 4308 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:41:54.0230 4308 b57nd60x - ok
22:41:54.0448 4308 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:41:54.0479 4308 Beep - ok
22:41:54.0635 4308 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:41:54.0666 4308 blbdrive - ok
22:41:54.0900 4308 BMLoad (c9c78e00a21d3fe21ce5d81ba5b45e21) C:\Windows\system32\drivers\BMLoad.sys
22:41:54.0932 4308 BMLoad - ok
22:41:55.0899 4308 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:41:55.0930 4308 bowser - ok
22:41:55.0961 4308 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:41:55.0961 4308 BrFiltLo - ok
22:41:55.0977 4308 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:41:55.0992 4308 BrFiltUp - ok
22:41:56.0055 4308 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:41:56.0102 4308 Brserid - ok
22:41:56.0117 4308 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:41:56.0148 4308 BrSerWdm - ok
22:41:56.0211 4308 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:41:56.0226 4308 BrUsbMdm - ok
22:41:56.0242 4308 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:41:56.0258 4308 BrUsbSer - ok
22:41:56.0336 4308 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
22:41:56.0367 4308 BthEnum - ok
22:41:56.0382 4308 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:41:56.0398 4308 BTHMODEM - ok
22:41:56.0445 4308 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
22:41:56.0460 4308 BthPan - ok
22:41:56.0507 4308 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
22:41:56.0538 4308 BTHPORT - ok
22:41:56.0570 4308 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
22:41:56.0570 4308 BTHUSB - ok
22:41:56.0648 4308 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
22:41:56.0679 4308 btusbflt - ok
22:41:56.0694 4308 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
22:41:56.0710 4308 btwaudio - ok
22:41:56.0741 4308 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
22:41:56.0757 4308 btwavdt - ok
22:41:56.0788 4308 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:41:56.0819 4308 btwl2cap - ok
22:41:56.0835 4308 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
22:41:56.0835 4308 btwrchid - ok
22:41:56.0975 4308 catchme - ok
22:41:57.0053 4308 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:41:57.0069 4308 cdfs - ok
22:41:57.0209 4308 cdrom (00513fe877a96d9ca527c77b8a57cad9) C:\Windows\system32\drivers\cdrom.sys
22:41:57.0209 4308 Suspicious file (Forged): C:\Windows\system32\drivers\cdrom.sys. Real md5: 00513fe877a96d9ca527c77b8a57cad9, Fake md5: be167ed0fdb9c1fa1133953c18d5a6c9
22:41:57.0209 4308 cdrom ( Rootkit.Win32.ZAccess.k ) - infected
22:41:57.0209 4308 cdrom - detected Rootkit.Win32.ZAccess.k (0)
22:41:57.0272 4308 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
22:41:57.0303 4308 cfwids - ok
22:41:57.0334 4308 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:41:57.0350 4308 circlass - ok
22:41:57.0396 4308 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:41:57.0412 4308 CLFS - ok
22:41:57.0459 4308 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:41:57.0459 4308 CmBatt - ok
22:41:57.0599 4308 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:41:57.0615 4308 cmdide - ok
22:41:57.0630 4308 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
22:41:57.0646 4308 CNG - ok
22:41:57.0677 4308 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:41:57.0677 4308 Compbatt - ok
22:41:57.0740 4308 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:41:57.0755 4308 CompositeBus - ok
22:41:57.0818 4308 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:41:57.0833 4308 crcdisk - ok
22:41:57.0958 4308 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
22:41:57.0974 4308 CSC - ok
22:41:58.0036 4308 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
22:41:58.0052 4308 CtAudDrv - ok
22:41:58.0145 4308 CtClsFlt (9a6ca307151505730dbfc91d97f01c7e) C:\Windows\system32\DRIVERS\CtClsFlt.sys
22:41:58.0145 4308 CtClsFlt - ok
22:41:58.0239 4308 cvusbdrv (ee773b1806a93a86283b10facebe57db) C:\Windows\system32\Drivers\cvusbdrv.sys
22:41:58.0270 4308 cvusbdrv - ok
22:41:58.0379 4308 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:41:58.0410 4308 DfsC - ok
22:41:58.0488 4308 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:41:58.0504 4308 discache - ok
22:41:58.0520 4308 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:41:58.0535 4308 Disk - ok
22:41:58.0613 4308 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:41:58.0644 4308 drmkaud - ok
22:41:58.0785 4308 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:41:58.0800 4308 DXGKrnl - ok
22:41:58.0910 4308 e1yexpress (44a91d98d6719b49bcd649a863225b5c) C:\Windows\system32\DRIVERS\e1y6232.sys
22:41:58.0941 4308 e1yexpress - ok
22:41:59.0066 4308 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:41:59.0268 4308 ebdrv - ok
22:41:59.0518 4308 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:41:59.0534 4308 elxstor - ok
22:41:59.0643 4308 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:41:59.0643 4308 ErrDev - ok
22:41:59.0690 4308 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:41:59.0690 4308 exfat - ok
22:41:59.0705 4308 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:41:59.0705 4308 fastfat - ok
22:41:59.0768 4308 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:41:59.0783 4308 fdc - ok
22:41:59.0814 4308 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:41:59.0830 4308 FileInfo - ok
22:41:59.0892 4308 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:41:59.0908 4308 Filetrace - ok
22:41:59.0924 4308 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:41:59.0955 4308 flpydisk - ok
22:41:59.0986 4308 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:42:00.0017 4308 FltMgr - ok
22:42:00.0984 4308 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:42:01.0016 4308 FsDepends - ok
22:42:01.0125 4308 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
22:42:01.0156 4308 fssfltr - ok
22:42:01.0187 4308 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:42:01.0187 4308 Fs_Rec - ok
22:42:01.0281 4308 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:42:01.0312 4308 fvevol - ok
22:42:01.0343 4308 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:42:01.0343 4308 gagp30kx - ok
22:42:01.0421 4308 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:42:01.0437 4308 GEARAspiWDM - ok
22:42:01.0530 4308 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
22:42:01.0530 4308 giveio - ok
22:42:01.0546 4308 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:42:01.0562 4308 hcw85cir - ok
22:42:01.0624 4308 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:42:01.0624 4308 HDAudBus - ok
22:42:01.0671 4308 HECI (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys
22:42:01.0686 4308 HECI - ok
22:42:01.0702 4308 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:42:01.0702 4308 HidBatt - ok
22:42:01.0733 4308 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:42:01.0733 4308 HidBth - ok
22:42:01.0764 4308 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:42:01.0764 4308 HidIr - ok
22:42:01.0827 4308 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:42:01.0842 4308 HidUsb - ok
22:42:01.0858 4308 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:42:01.0874 4308 HpSAMD - ok
22:42:01.0920 4308 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:42:01.0952 4308 HTTP - ok
22:42:02.0045 4308 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:42:02.0061 4308 hwpolicy - ok
22:42:02.0154 4308 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:42:02.0186 4308 i8042prt - ok
22:42:02.0264 4308 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
22:42:02.0264 4308 iaStor - ok
22:42:02.0342 4308 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:42:02.0373 4308 iaStorV - ok
22:42:02.0544 4308 igfx (a70c995199a47f326eef4f9f5e6267a1) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:42:02.0794 4308 igfx - ok
22:42:02.0966 4308 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:42:02.0997 4308 iirsp - ok
22:42:03.0106 4308 IntcHdmiAddService (e63cd0d9aa8d406cabde5aa718936f40) C:\Windows\system32\drivers\IntcHdmi.sys
22:42:03.0122 4308 IntcHdmiAddService - ok
22:42:03.0246 4308 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:42:03.0246 4308 intelide - ok
22:42:03.0293 4308 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:42:03.0293 4308 intelppm - ok
22:42:03.0356 4308 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:42:03.0356 4308 IpFilterDriver - ok
22:42:03.0449 4308 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:42:03.0449 4308 IPMIDRV - ok
22:42:03.0480 4308 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:42:03.0480 4308 IPNAT - ok
22:42:03.0543 4308 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:42:03.0558 4308 IRENUM - ok
22:42:03.0668 4308 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:42:03.0699 4308 isapnp - ok
22:42:03.0808 4308 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:42:03.0824 4308 iScsiPrt - ok
22:42:03.0870 4308 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:42:03.0902 4308 kbdclass - ok
22:42:03.0995 4308 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
22:42:04.0011 4308 kbdhid - ok
22:42:04.0182 4308 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
22:42:04.0198 4308 KSecDD - ok
22:42:04.0276 4308 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
22:42:04.0307 4308 KSecPkg - ok
22:42:04.0370 4308 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:42:04.0385 4308 lltdio - ok
22:42:04.0432 4308 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:42:04.0463 4308 LSI_FC - ok
22:42:04.0494 4308 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:42:04.0510 4308 LSI_SAS - ok
22:42:04.0526 4308 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:42:04.0541 4308 LSI_SAS2 - ok
22:42:04.0572 4308 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:42:04.0588 4308 LSI_SCSI - ok
22:42:04.0635 4308 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:42:04.0635 4308 luafv - ok
22:42:04.0713 4308 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
22:42:04.0713 4308 LUsbFilt - ok
22:42:04.0806 4308 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:42:04.0853 4308 megasas - ok
22:42:04.0869 4308 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:42:04.0916 4308 MegaSR - ok
22:42:04.0962 4308 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
22:42:04.0962 4308 mfeapfk - ok
22:42:05.0040 4308 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
22:42:05.0072 4308 mfeavfk - ok
22:42:05.0103 4308 mfeavfk01 - ok
22:42:05.0150 4308 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
22:42:05.0165 4308 mfebopk - ok
22:42:05.0228 4308 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
22:42:05.0243 4308 mfefirek - ok
22:42:05.0306 4308 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
22:42:05.0368 4308 mfehidk - ok
22:42:05.0399 4308 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
22:42:05.0430 4308 mfenlfk - ok
22:42:05.0462 4308 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
22:42:05.0493 4308 mferkdet - ok
22:42:05.0555 4308 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
22:42:05.0586 4308 mfewfpk - ok
22:42:05.0618 4308 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:42:05.0618 4308 Modem - ok
22:42:05.0664 4308 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:42:05.0664 4308 monitor - ok
22:42:05.0727 4308 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:42:05.0758 4308 mouclass - ok
22:42:06.0132 4308 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:42:06.0148 4308 mouhid - ok
22:42:06.0195 4308 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:42:06.0210 4308 mountmgr - ok
22:42:06.0257 4308 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:42:06.0273 4308 mpio - ok
22:42:06.0304 4308 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:42:06.0320 4308 mpsdrv - ok
22:42:06.0351 4308 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:42:06.0398 4308 MRxDAV - ok
22:42:06.0429 4308 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:42:06.0476 4308 mrxsmb - ok
22:42:06.0522 4308 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:42:06.0569 4308 mrxsmb10 - ok
22:42:06.0585 4308 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:42:06.0600 4308 mrxsmb20 - ok
22:42:06.0600 4308 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:42:06.0632 4308 msahci - ok
22:42:06.0663 4308 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:42:06.0694 4308 msdsm - ok
22:42:06.0725 4308 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:42:06.0725 4308 Msfs - ok
22:42:06.0741 4308 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:42:06.0772 4308 mshidkmdf - ok
22:42:06.0803 4308 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:42:06.0819 4308 msisadrv - ok
22:42:06.0866 4308 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:42:06.0897 4308 MSKSSRV - ok
22:42:06.0897 4308 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:42:06.0912 4308 MSPCLOCK - ok
22:42:06.0928 4308 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:42:06.0928 4308 MSPQM - ok
22:42:06.0959 4308 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:42:06.0975 4308 MsRPC - ok
22:42:06.0990 4308 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:42:06.0990 4308 mssmbios - ok
22:42:07.0006 4308 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:42:07.0037 4308 MSTEE - ok
22:42:07.0053 4308 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:42:07.0053 4308 MTConfig - ok
22:42:07.0068 4308 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:42:07.0084 4308 Mup - ok
22:42:07.0115 4308 NAL (b7caf67df249cd588693c78a246e22b0) C:\Windows\system32\Drivers\iqvw32.sys
22:42:07.0224 4308 NAL - ok
22:42:07.0240 4308 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:42:07.0256 4308 NativeWifiP - ok
22:42:07.0318 4308 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:42:07.0334 4308 NDIS - ok
22:42:07.0349 4308 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:42:07.0365 4308 NdisCap - ok
22:42:07.0380 4308 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:42:07.0380 4308 NdisTapi - ok
22:42:07.0427 4308 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:42:07.0443 4308 Ndisuio - ok
22:42:07.0490 4308 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:42:07.0536 4308 NdisWan - ok
22:42:07.0583 4308 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:42:07.0599 4308 NDProxy - ok
22:42:07.0614 4308 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:42:07.0630 4308 NetBIOS - ok
22:42:07.0661 4308 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:42:07.0708 4308 NetBT - ok
22:42:07.0864 4308 NETw5v32 (af1ae2e42b03395560b1cde03230205c) C:\Windows\system32\DRIVERS\NETw5v32.sys
22:42:08.0004 4308 NETw5v32 - ok
22:42:08.0036 4308 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:42:08.0051 4308 nfrd960 - ok
22:42:08.0067 4308 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:42:08.0082 4308 Npfs - ok
22:42:08.0098 4308 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:42:08.0114 4308 nsiproxy - ok
22:42:08.0176 4308 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:42:08.0254 4308 Ntfs - ok
22:42:08.0285 4308 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:42:08.0285 4308 Null - ok
22:42:08.0348 4308 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:42:08.0363 4308 nvraid - ok
22:42:08.0379 4308 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:42:08.0394 4308 nvstor - ok
22:42:08.0441 4308 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:42:08.0441 4308 nv_agp - ok
22:42:08.0472 4308 OA001Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA001Ufd.sys
22:42:08.0504 4308 OA001Ufd - ok
22:42:08.0550 4308 OA001Vid (438ffcb55b8ce39b0bc71afc0a059835) C:\Windows\system32\DRIVERS\OA001Vid.sys
22:42:08.0582 4308 OA001Vid - ok
22:42:08.0644 4308 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:42:08.0660 4308 ohci1394 - ok
22:42:08.0706 4308 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:42:08.0722 4308 Parport - ok
22:42:08.0769 4308 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:42:08.0800 4308 partmgr - ok
22:42:08.0816 4308 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:42:08.0816 4308 Parvdm - ok
22:42:08.0862 4308 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
22:42:08.0894 4308 PBADRV - ok
22:42:08.0940 4308 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:42:08.0972 4308 pci - ok
22:42:08.0987 4308 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:42:09.0003 4308 pciide - ok
22:42:09.0034 4308 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:42:09.0050 4308 pcmcia - ok
22:42:09.0112 4308 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS
22:42:09.0128 4308 PCTINDIS5 - ok
22:42:09.0143 4308 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:42:09.0143 4308 pcw - ok
22:42:09.0190 4308 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:42:09.0237 4308 PEAUTH - ok
22:42:09.0268 4308 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:42:09.0284 4308 PptpMiniport - ok
22:42:09.0299 4308 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:42:09.0315 4308 Processor - ok
22:42:09.0346 4308 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:42:09.0346 4308 Psched - ok
22:42:09.0377 4308 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
22:42:09.0408 4308 PxHelp20 - ok
22:42:09.0455 4308 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:42:09.0533 4308 ql2300 - ok
22:42:09.0564 4308 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:42:09.0580 4308 ql40xx - ok
22:42:09.0596 4308 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:42:09.0611 4308 QWAVEdrv - ok
22:42:09.0611 4308 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:42:09.0627 4308 RasAcd - ok
22:42:09.0658 4308 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:42:09.0689 4308 RasAgileVpn - ok
22:42:09.0705 4308 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:42:09.0720 4308 Rasl2tp - ok
22:42:09.0752 4308 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:42:09.0752 4308 RasPppoe - ok
22:42:09.0767 4308 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:42:09.0783 4308 RasSstp - ok
22:42:09.0830 4308 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:42:09.0876 4308 rdbss - ok
22:42:09.0892 4308 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:42:09.0892 4308 rdpbus - ok
22:42:09.0939 4308 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:42:09.0954 4308 RDPCDD - ok
22:42:10.0017 4308 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
22:42:10.0048 4308 RDPDR - ok
22:42:10.0064 4308 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:42:10.0095 4308 RDPENCDD - ok
22:42:10.0110 4308 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:42:10.0110 4308 RDPREFMP - ok
22:42:10.0173 4308 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
22:42:10.0204 4308 RDPWD - ok
22:42:10.0266 4308 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:42:10.0282 4308 rdyboost - ok
22:42:10.0329 4308 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
22:42:10.0360 4308 RFCOMM - ok
22:42:10.0391 4308 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
22:42:10.0391 4308 rimmptsk - ok
22:42:10.0422 4308 rimspci (af213955c4d952c914620e8db0cd0cf7) C:\Windows\system32\DRIVERS\rimspe86.sys
22:42:10.0422 4308 rimspci - ok
22:42:10.0454 4308 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:42:10.0454 4308 rimsptsk - ok
22:42:10.0500 4308 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
22:42:10.0532 4308 RimUsb - ok
22:42:10.0578 4308 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
22:42:10.0594 4308 RimVSerPort - ok
22:42:10.0610 4308 risdpcie (6978decc2c38c5ce10a8b0f2b12f4451) C:\Windows\system32\DRIVERS\risdpe86.sys
22:42:10.0625 4308 risdpcie - ok
22:42:10.0641 4308 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
22:42:10.0656 4308 rismxdp - ok
22:42:10.0656 4308 rixdpcie (764c1f3453e779724ba647327de7ddd4) C:\Windows\system32\DRIVERS\rixdpe86.sys
22:42:10.0672 4308 rixdpcie - ok
22:42:10.0688 4308 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
22:42:10.0688 4308 ROOTMODEM - ok
22:42:10.0719 4308 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:42:10.0719 4308 rspndr - ok
22:42:10.0750 4308 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
22:42:10.0781 4308 s3cap - ok
22:42:10.0859 4308 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:42:10.0859 4308 SASDIFSV - ok
22:42:10.0906 4308 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
22:42:10.0922 4308 SASENUM - ok
22:42:10.0968 4308 SASKUTIL (67d2688756dd304af655349baad82bff) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:42:10.0984 4308 SASKUTIL - ok
22:42:11.0031 4308 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:42:11.0062 4308 sbp2port - ok
22:42:11.0109 4308 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:42:11.0124 4308 scfilter - ok
22:42:11.0171 4308 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
22:42:11.0218 4308 sdbus - ok
22:42:11.0234 4308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:42:11.0249 4308 secdrv - ok
22:42:11.0280 4308 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:42:11.0280 4308 Serenum - ok
22:42:11.0296 4308 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:42:11.0312 4308 Serial - ok
22:42:11.0343 4308 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:42:11.0374 4308 sermouse - ok
22:42:11.0421 4308 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:42:11.0452 4308 sffdisk - ok
22:42:11.0468 4308 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:42:11.0468 4308 sffp_mmc - ok
22:42:11.0483 4308 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:42:11.0483 4308 sffp_sd - ok
22:42:11.0514 4308 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:42:11.0514 4308 sfloppy - ok
22:42:11.0561 4308 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:42:11.0577 4308 sisagp - ok
22:42:11.0592 4308 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:42:11.0608 4308 SiSRaid2 - ok
22:42:11.0624 4308 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:42:11.0639 4308 SiSRaid4 - ok
22:42:11.0670 4308 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:42:11.0686 4308 Smb - ok
22:42:11.0733 4308 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\Windows\system32\speedfan.sys
22:42:11.0764 4308 speedfan - ok
22:42:11.0780 4308 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:42:11.0795 4308 spldr - ok
22:42:11.0858 4308 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:42:11.0873 4308 srv - ok
22:42:11.0904 4308 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:42:11.0904 4308 srv2 - ok
22:42:11.0936 4308 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:42:11.0951 4308 srvnet - ok
22:42:11.0982 4308 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:42:11.0982 4308 stexstor - ok
22:42:12.0029 4308 STHDA (666954876b4c973eee61b1b2332b58c4) C:\Windows\system32\DRIVERS\stwrt.sys
22:42:12.0060 4308 STHDA - ok
22:42:12.0107 4308 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
22:42:12.0107 4308 storflt - ok
22:42:12.0138 4308 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
22:42:12.0154 4308 storvsc - ok
22:42:12.0201 4308 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:42:12.0232 4308 swenum - ok
22:42:12.0263 4308 swmsflt (4f3ca882769b78b7f9b1dd96df4b6996) C:\Windows\system32\DRIVERS\swmsflt.sys
22:42:12.0279 4308 swmsflt - ok
22:42:12.0341 4308 SWNC8UA3 (e67b60cf0482b5381cdbca203e3af9ca) C:\Windows\system32\DRIVERS\swnc8ua3.sys
22:42:12.0388 4308 SWNC8UA3 - ok
22:42:12.0435 4308 SWUMXA3 (8d4ee23f4f326d246fa988a9d891d9f1) C:\Windows\system32\DRIVERS\swumxa3.sys
22:42:12.0450 4308 SWUMXA3 - ok
22:42:12.0544 4308 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:42:12.0700 4308 Tcpip - ok
22:42:12.0731 4308 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:42:12.0731 4308 TCPIP6 - ok
22:42:12.0778 4308 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\Windows\system32\drivers\tcpipBM.sys
22:42:12.0809 4308 tcpipBM - ok
22:42:12.0840 4308 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:42:12.0887 4308 tcpipreg - ok
22:42:12.0950 4308 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:42:12.0981 4308 TDPIPE - ok
22:42:12.0996 4308 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
22:42:13.0043 4308 TDTCP - ok
22:42:13.0090 4308 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:42:13.0106 4308 tdx - ok
22:42:13.0152 4308 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:42:13.0168 4308 TermDD - ok
22:42:13.0230 4308 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:42:13.0277 4308 tssecsrv - ok
22:42:13.0324 4308 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:42:13.0355 4308 TsUsbFlt - ok
22:42:13.0402 4308 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:42:13.0418 4308 tunnel - ok
22:42:13.0449 4308 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:42:13.0464 4308 uagp35 - ok
22:42:13.0511 4308 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:42:13.0542 4308 udfs - ok
22:42:13.0574 4308 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:42:13.0589 4308 uliagpkx - ok
22:42:13.0636 4308 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:42:13.0652 4308 umbus - ok
22:42:13.0667 4308 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:42:13.0683 4308 UmPass - ok
22:42:13.0745 4308 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:42:13.0776 4308 USBAAPL - ok
22:42:13.0808 4308 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:42:13.0823 4308 usbccgp - ok
22:42:13.0854 4308 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:42:13.0886 4308 usbcir - ok
22:42:13.0932 4308 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:42:13.0964 4308 usbehci - ok
22:42:13.0995 4308 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:42:14.0010 4308 usbhub - ok
22:42:14.0057 4308 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:42:14.0088 4308 usbohci - ok
22:42:14.0104 4308 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:42:14.0120 4308 usbprint - ok
22:42:14.0151 4308 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:42:14.0182 4308 USBSTOR - ok
22:42:14.0229 4308 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:42:14.0260 4308 usbuhci - ok
22:42:14.0276 4308 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:42:14.0291 4308 usbvideo - ok
22:42:14.0307 4308 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:42:14.0322 4308 vdrvroot - ok
22:42:14.0338 4308 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:42:14.0354 4308 vga - ok
22:42:14.0385 4308 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:42:14.0400 4308 VgaSave - ok
22:42:14.0416 4308 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:42:14.0432 4308 vhdmp - ok
22:42:14.0447 4308 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:42:14.0463 4308 viaagp - ok
22:42:14.0478 4308 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:42:14.0494 4308 ViaC7 - ok
22:42:14.0494 4308 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:42:14.0510 4308 viaide - ok
22:42:14.0556 4308 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:42:14.0588 4308 vmbus - ok
22:42:14.0634 4308 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:42:14.0650 4308 VMBusHID - ok
22:42:14.0666 4308 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:42:14.0681 4308 volmgr - ok
22:42:14.0697 4308 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:42:14.0728 4308 volmgrx - ok
22:42:14.0744 4308 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:42:14.0759 4308 volsnap - ok
22:42:14.0775 4308 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:42:14.0822 4308 vsmraid - ok
22:42:14.0837 4308 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:42:14.0837 4308 vwifibus - ok
22:42:14.0884 4308 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:42:14.0915 4308 WacomPen - ok
22:42:14.0962 4308 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:42:14.0993 4308 WANARP - ok
22:42:14.0993 4308 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:42:14.0993 4308 Wanarpv6 - ok
22:42:15.0024 4308 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
22:42:15.0056 4308 wanatw - ok
22:42:15.0102 4308 WavxDMgr (4011d285c449dd833040045cb0f0e3fe) C:\Windows\system32\DRIVERS\WavxDMgr.sys
22:42:15.0134 4308 WavxDMgr - ok
22:42:15.0165 4308 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:42:15.0180 4308 Wd - ok
22:42:15.0196 4308 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:42:15.0227 4308 Wdf01000 - ok
22:42:15.0258 4308 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:42:15.0258 4308 WfpLwf - ok
22:42:15.0274 4308 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:42:15.0290 4308 WIMMount - ok
22:42:15.0336 4308 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.sys
22:42:15.0368 4308 WinUsb - ok
22:42:15.0446 4308 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:42:15.0461 4308 WmiAcpi - ok
22:42:15.0508 4308 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:42:15.0524 4308 ws2ifsl - ok
22:42:15.0602 4308 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:42:15.0633 4308 WudfPf - ok
22:42:15.0664 4308 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:42:15.0711 4308 WUDFRd - ok
22:42:15.0742 4308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:42:15.0758 4308 \Device\Harddisk0\DR0 - ok
22:42:15.0758 4308 Boot (0x1200) (899e63d01bbc3be23dfe852f85034ffb) \Device\Harddisk0\DR0\Partition0
22:42:15.0758 4308 \Device\Harddisk0\DR0\Partition0 - ok
22:42:15.0773 4308 Boot (0x1200) (502d815406b3e19a7fba3b7b44844a07) \Device\Harddisk0\DR0\Partition1
22:42:15.0773 4308 \Device\Harddisk0\DR0\Partition1 - ok
22:42:15.0773 4308 ============================================================
22:42:15.0773 4308 Scan finished
22:42:15.0773 4308 ============================================================
22:42:15.0773 4300 Detected object count: 1
22:42:15.0773 4300 Actual detected object count: 1
22:42:41.0981 4300 Backup copy found, using it..
22:42:41.0997 4300 C:\Windows\system32\drivers\cdrom.sys - will be cured on reboot
22:42:45.0523 4300 cdrom ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
22:42:56.0723 1032 Deinitialize success

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:04 PM

Posted 08 December 2011 - 11:05 PM

Hello


Now let's try and run ComboFix.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



