
Suspected Compromised Box!


  • This topic is locked
13 replies to this topic

#1 ConfoundedX


Posted 13 January 2012 - 11:38 AM

This PC is on the same Workgroup as a hacked PC that was compromised by an undetected rootkit that resulted from an email Trojan that was accidentally opened, detected by McAfee System Security and removed, but obviously not before damage was done! That box has since been reformatted and the OS re-installed. Shortly afterwards our bank accounts were hacked and we were hit hard! Bank has got it all back and forensics team is working with us to see how it happened. In the meantime I need to know if this PC is clean!

DDS attached! Looks like the GMER log did not save for some reason. I will scan and attach again. Please do not take that as a BUMP! It requires all anti-virus protection to be off to run or else the program fails, so I disable the DSL adapter while it is running.


#2 ConfoundedX


Posted 15 January 2012 - 06:32 PM

GMER Log Added (Not a Bump)
--------------------------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-15 23:26:43
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320JI rev.2SS00_01
Running: GMER-phc72dyg.exe; Driver: C:\Users\Medion\AppData\Local\Temp\pgliaaob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x93540080]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x93540BDE]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x8CF59640]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x93540DD6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x935445AC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x935445DE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x93544740]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x93540CF6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x935401F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x935403EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x9354051C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x935446B6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x93544620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x93544652]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x93544684]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x93540026]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x93540E7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x93544544]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x9353FFC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x9353FEE8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x9353FF30]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8C85A498]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8C85A4AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8C85A484]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 838759A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 838954E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 141B 8389C7D8 4 Bytes [80, 00, 54, 93] {ADD BYTE [EAX], 0x54; XCHG EBX, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 1477 8389C834 4 Bytes [DE, 0B, 54, 93] {FIMUL WORD [EBX]; PUSH ESP; XCHG EBX, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 14CF 8389C88C 4 Bytes [40, 96, F5, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 1507 8389C8C4 8 Bytes [D6, 0D, 54, 93, AC, 45, 54, ...] {SALC ; OR EAX, 0x45ac9354; PUSH ESP; XCHG EBX, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 1517 8389C8D4 4 Bytes [DE, 45, 54, 93] {FIADD WORD [EBP+0x54]; XCHG EBX, EAX}
.text ...
.text ntoskrnl.exe!ZwYieldExecution 838DDDC1 5 Bytes JMP 8C85A488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 83A76A13 7 Bytes JMP 8C85A49C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 83A993AE 1 Byte [E9]
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 83A993AE 5 Bytes JMP 8C85A4B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[388] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 00660FEF
.text C:\Windows\system32\svchost.exe[388] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 0066001E
.text C:\Windows\system32\svchost.exe[388] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 00660FDE
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00650F54
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 00650098
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 00650F03
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 0065002F
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 0065006C
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00650F9E
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 0065005B
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 006500B3
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00650FC3
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 00650F43
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00650014
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00650FEF
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00650040
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00650087
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00650FDE
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00650F1E
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00650F79
.text C:\Windows\system32\svchost.exe[388] msvcrt.dll!_open 770E7E48 5 Bytes JMP 006F0FEF
.text C:\Windows\system32\svchost.exe[388] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 006F004C
.text C:\Windows\system32\svchost.exe[388] msvcrt.dll!system 7711B16F 5 Bytes JMP 006F0031
.text C:\Windows\system32\svchost.exe[388] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 006F0FD2
.text C:\Windows\system32\svchost.exe[388] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 006F0FC1
.text C:\Windows\system32\svchost.exe[388] msvcrt.dll!_wopen 77120570 5 Bytes JMP 006F000C
.text C:\Windows\system32\svchost.exe[388] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 00600000
.text C:\Windows\system32\svchost.exe[388] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 0060005B
.text C:\Windows\system32\svchost.exe[388] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 00600FAF
.text C:\Windows\system32\svchost.exe[388] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 00600FD4
.text C:\Windows\system32\svchost.exe[388] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 00600FEF
.text C:\Windows\system32\svchost.exe[388] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 00600F9E
.text C:\Windows\system32\svchost.exe[388] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 00600040
.text C:\Windows\system32\svchost.exe[388] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 0060002F
.text C:\Windows\system32\svchost.exe[388] WS2_32.dll!socket 775A3EB8 5 Bytes JMP 0070000A
.text C:\Windows\system32\svchost.exe[572] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 00810000
.text C:\Windows\system32\svchost.exe[572] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 00810022
.text C:\Windows\system32\svchost.exe[572] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 00810011
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00420F39
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 00420091
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 00420F06
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00420FD1
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00420F54
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00420F94
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00420F79
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 00420EE1
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00420FC0
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 00420F28
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 0042001B
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00420000
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00420FA5
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00420062
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 0042002C
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00420F17
.text C:\Windows\system32\svchost.exe[572] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00420047
.text C:\Windows\system32\svchost.exe[572] msvcrt.dll!_open 770E7E48 5 Bytes JMP 00820FE3
.text C:\Windows\system32\svchost.exe[572] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 0082000C
.text C:\Windows\system32\svchost.exe[572] msvcrt.dll!system 7711B16F 5 Bytes JMP 00820F8B
.text C:\Windows\system32\svchost.exe[572] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 00820FC1
.text C:\Windows\system32\svchost.exe[572] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 00820FA6
.text C:\Windows\system32\svchost.exe[572] msvcrt.dll!_wopen 77120570 5 Bytes JMP 00820FD2
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 003D0FEF
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 003D0036
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegCreateKeyExA 75B11469 3 Bytes JMP 003D0058
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegCreateKeyExA + 4 75B1146D 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegCreateKeyW 75B11514 3 Bytes JMP 003D0047
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegCreateKeyW + 4 75B11518 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegOpenKeyW 75B12459 3 Bytes JMP 003D000A
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegOpenKeyW + 4 75B1245D 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegCreateKeyExW 75B140FE 3 Bytes JMP 003D0073
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegCreateKeyExW + 4 75B14102 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegOpenKeyExW 75B1468D 3 Bytes JMP 003D0FCA
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegOpenKeyExW + 4 75B14691 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegOpenKeyExA 75B14907 3 Bytes JMP 003D0025
.text C:\Windows\system32\svchost.exe[572] ADVAPI32.dll!RegOpenKeyExA + 4 75B1490B 1 Byte [8A]
.text C:\Windows\system32\services.exe[752] ntdll.dll!NtCreateFile 774A55C8 3 Bytes JMP 004B000A
.text C:\Windows\system32\services.exe[752] ntdll.dll!NtCreateFile + 4 774A55CC 1 Byte [89]
.text C:\Windows\system32\services.exe[752] ntdll.dll!NtCreateProcess 774A5698 3 Bytes JMP 004B0FD4
.text C:\Windows\system32\services.exe[752] ntdll.dll!NtCreateProcess + 4 774A569C 1 Byte [89]
.text C:\Windows\system32\services.exe[752] ntdll.dll!NtProtectVirtualMemory 774A5F18 3 Bytes JMP 004B0FE5
.text C:\Windows\system32\services.exe[752] ntdll.dll!NtProtectVirtualMemory + 4 774A5F1C 1 Byte [89]
.text C:\Windows\system32\services.exe[752] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00340080
.text C:\Windows\system32\services.exe[752] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 00340F35
.text C:\Windows\system32\services.exe[752] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 003400CA
.text C:\Windows\system32\services.exe[752] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00340025
.text C:\Windows\system32\services.exe[752] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00340F72
.text C:\Windows\system32\services.exe[752] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00340F9E
.text C:\Windows\system32\services.exe[752] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00340F83
.text C:\Windows\system32\services.exe[752] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 00340F10
.text C:\Windows\system32\services.exe[752] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00340040
.text C:\Windows\system32\services.exe[752] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 003400A5
.text C:\Windows\system32\services.exe[752] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00340000
.text C:\Windows\system32\services.exe[752] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00340FE5
.text C:\Windows\system32\services.exe[752] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00340FB9
.text C:\Windows\system32\services.exe[752] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00340065
.text C:\Windows\system32\services.exe[752] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00340FCA
.text C:\Windows\system32\services.exe[752] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00340F46
.text C:\Windows\system32\services.exe[752] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00340F57
.text C:\Windows\system32\services.exe[752] msvcrt.dll!_open 770E7E48 5 Bytes JMP 004D0FEF
.text C:\Windows\system32\services.exe[752] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 004D0FA1
.text C:\Windows\system32\services.exe[752] msvcrt.dll!system 7711B16F 5 Bytes JMP 004D002C
.text C:\Windows\system32\services.exe[752] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 004D0FBC
.text C:\Windows\system32\services.exe[752] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 004D0011
.text C:\Windows\system32\services.exe[752] msvcrt.dll!_wopen 77120570 5 Bytes JMP 004D0000
.text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 004C0FEF
.text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 004C002F
.text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 004C0F9E
.text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 004C0040
.text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 004C0000
.text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 004C005B
.text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 004C0FB9
.text C:\Windows\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 004C0FCA
.text C:\Windows\system32\services.exe[752] WS2_32.dll!socket 775A3EB8 5 Bytes JMP 0072000A
.text C:\Windows\system32\lsass.exe[768] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 001F000A
.text C:\Windows\system32\lsass.exe[768] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 001F0FD4
.text C:\Windows\system32\lsass.exe[768] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 001E008B
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 001E0F22
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 001E0F33
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 001E0022
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 001E0F6C
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 001E0F91
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 001E004E
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 001E00DC
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 001E0FB6
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 001E009C
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 001E0011
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 001E0000
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 001E0033
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 001E007A
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 001E0FDB
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 001E00AD
.text C:\Windows\system32\lsass.exe[768] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 001E005F
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_open 770E7E48 5 Bytes JMP 00210FEF
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 00210FAF
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!system 7711B16F 5 Bytes JMP 0021003A
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 00210FDE
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 00210029
.text C:\Windows\system32\lsass.exe[768] msvcrt.dll!_wopen 77120570 5 Bytes JMP 00210018
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 00200000
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 00200FB2
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 0020004A
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 00200039
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 00200FEF
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 00200F8D
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 00200FC3
.text C:\Windows\system32\lsass.exe[768] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 00200FDE
.text C:\Windows\system32\lsass.exe[768] WS2_32.dll!socket 775A3EB8 5 Bytes JMP 006B0000
.text C:\Windows\System32\svchost.exe[828] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 00150FE5
.text C:\Windows\System32\svchost.exe[828] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 00150FB9
.text C:\Windows\System32\svchost.exe[828] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 00150FD4
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00140F2E
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 00140EEA
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 00140EFB
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00140FBC
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00140032
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00140F6B
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00140F5A
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 001400A4
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00140FA1
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 00140F1D
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00140FDE
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00140FEF
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00140F86
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00140F3F
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00140FCD
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00140F0C
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 0014004D
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_open 770E7E48 5 Bytes JMP 00160FE3
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 00160FAB
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!system 7711B16F 5 Bytes JMP 00160036
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 00160000
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 00160011
.text C:\Windows\System32\svchost.exe[828] msvcrt.dll!_wopen 77120570 5 Bytes JMP 00160FC6
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 0013000A
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 00130FDB
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 0013006C
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 00130FCA
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 0013001B
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 00130087
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 00130051
.text C:\Windows\System32\svchost.exe[828] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 00130036
.text C:\Windows\System32\svchost.exe[828] WS2_32.dll!socket 775A3EB8 5 Bytes JMP 00170FE5
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 007F0000
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 007F001B
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 007F0FE5
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00500F28
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 00500ECD
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 00500EE8
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00500014
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00500F79
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00500F9E
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00500051
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 00500087
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00500025
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 0050006C
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00500FD4
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00500FEF
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00500040
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00500F4D
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00500FC3
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00500F03
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00500F68
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_open 770E7E48 5 Bytes JMP 00810FEF
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 00810058
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!system 7711B16F 5 Bytes JMP 0081003D
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 00810FDE
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 00810FC3
.text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wopen 77120570 5 Bytes JMP 00810018
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 00800FEF
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 00800FCA
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 00800FA8
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 00800FB9
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 0080000A
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 0080006F
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 00800036
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 00800025
.text C:\Windows\system32\svchost.exe[920] WS2_32.dll!socket 775A3EB8 5 Bytes JMP 00820000
.text C:\Windows\System32\svchost.exe[936] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 00270FEF
.text C:\Windows\System32\svchost.exe[936] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 00270FD4
.text C:\Windows\System32\svchost.exe[936] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 00270014
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00260076
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 002600C7
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 002600AC
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00260FB9
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00260040
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 0026002F
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00260F72
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 00260F0D
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00260FA8
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 00260087
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00260FD4
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00260FEF
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00260F8D
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00260065
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 0026000A
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00260F32
.text C:\Windows\System32\svchost.exe[936] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00260F4D
.text C:\Windows\System32\svchost.exe[936] msvcrt.dll!_open 770E7E48 5 Bytes JMP 002C0000
.text C:\Windows\System32\svchost.exe[936] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 002C0047
.text C:\Windows\System32\svchost.exe[936] msvcrt.dll!system 7711B16F 5 Bytes JMP 002C002C
.text C:\Windows\System32\svchost.exe[936] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 002C0FBC
.text C:\Windows\System32\svchost.exe[936] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 002C001B
.text C:\Windows\System32\svchost.exe[936] msvcrt.dll!_wopen 77120570 5 Bytes JMP 002C0FE3
.text C:\Windows\System32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 00250FEF
.text C:\Windows\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 0018002C
.text C:\Windows\system32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 00180011
.text C:\Windows\Explorer.EXE[2760] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 00040000
.text C:\Windows\Explorer.EXE[2760] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 0004001B
.text C:\Windows\Explorer.EXE[2760] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 00040FE5
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 0001005E
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 00010EF5
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 00010F10
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00010FA8
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00010F46
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00010F7C
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00010F61
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 000100A5
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00010F97
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 0001006F
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 0001001E
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00010F35
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00010FC3
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00010080
.text C:\Windows\Explorer.EXE[2760] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00010043
.text C:\Windows\Explorer.EXE[2760] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 000E0FE5
.text C:\Windows\Explorer.EXE[2760] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 000E002F
.text C:\Windows\Explorer.EXE[2760] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 000E0FA8
.text C:\Windows\Explorer.EXE[2760] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 000E0054
.text C:\Windows\Explorer.EXE[2760] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 000E0FD4
.text C:\Windows\Explorer.EXE[2760] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 000E0F8D
.text C:\Windows\Explorer.EXE[2760] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 000E001E
.text C:\Windows\Explorer.EXE[2760] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 000E0FC3
.text C:\Windows\Explorer.EXE[2760] msvcrt.dll!_open 770E7E48 5 Bytes JMP 000F0000
.text C:\Windows\Explorer.EXE[2760] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 000F002C
.text C:\Windows\Explorer.EXE[2760] msvcrt.dll!system 7711B16F 5 Bytes JMP 000F0FA1
.text C:\Windows\Explorer.EXE[2760] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 000F0011
.text C:\Windows\Explorer.EXE[2760] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 000F0FBC
.text C:\Windows\Explorer.EXE[2760] msvcrt.dll!_wopen 77120570 5 Bytes JMP 000F0FD7
.text C:\Windows\Explorer.EXE[2760] WININET.dll!InternetOpenA 75F64E3C 5 Bytes JMP 024E0FEF
.text C:\Windows\Explorer.EXE[2760] WININET.dll!InternetOpenUrlA 75F6BFDE 5 Bytes JMP 024E0FDE
.text C:\Windows\Explorer.EXE[2760] WININET.dll!InternetOpenW 75F9C126 5 Bytes JMP 024E0014
.text C:\Windows\Explorer.EXE[2760] WININET.dll!InternetOpenUrlW 75FCD8D2 5 Bytes JMP 024E002F
.text C:\Windows\Explorer.EXE[2760] WS2_32.dll!socket 775A3EB8 5 Bytes JMP 049D000A
.text C:\Windows\system32\svchost.exe[3012] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[3012] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[3012] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 0001008E
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 00010F25
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 00010F40
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 0001002C
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00010062
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00010051
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 00010F0A
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00010FB6
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 000100A9
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00010FA5
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00010F65
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 000100BA
.text C:\Windows\system32\svchost.exe[3012] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 0001007D
.text C:\Windows\system32\svchost.exe[3012] msvcrt.dll!_open 770E7E48 5 Bytes JMP 00120000
.text C:\Windows\system32\svchost.exe[3012] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 0012003D
.text C:\Windows\system32\svchost.exe[3012] msvcrt.dll!system 7711B16F 5 Bytes JMP 0012002C
.text C:\Windows\system32\svchost.exe[3012] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 00120FD7
.text C:\Windows\system32\svchost.exe[3012] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 00120FC6
.text C:\Windows\system32\svchost.exe[3012] msvcrt.dll!_wopen 77120570 5 Bytes JMP 00120011
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 00130FEF
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 00130FB2
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 00130F90
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 00130FA1
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 00130FD4
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 00130043
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 00130014
.text C:\Windows\system32\svchost.exe[3012] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 00130FC3
.text C:\Windows\system32\svchost.exe[3096] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 003E0FE5
.text C:\Windows\system32\svchost.exe[3096] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 003E0FC3
.text C:\Windows\system32\svchost.exe[3096] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 003E0FD4
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00380F39
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 003800C4
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 003800A9
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00380025
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00380062
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00380FA5
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00380F94
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 003800D5
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00380040
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 0038007D
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 0038000A
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00380FEF
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00380051
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00380F54
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00380FD4
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00380098
.text C:\Windows\system32\svchost.exe[3096] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00380F6F
.text C:\Windows\system32\svchost.exe[3096] msvcrt.dll!_open 770E7E48 5 Bytes JMP 003D0000
.text C:\Windows\system32\svchost.exe[3096] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 003D0FB7
.text C:\Windows\system32\svchost.exe[3096] msvcrt.dll!system 7711B16F 5 Bytes JMP 003D0FC8
.text C:\Windows\system32\svchost.exe[3096] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 003D0038
.text C:\Windows\system32\svchost.exe[3096] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 003D0FD9
.text C:\Windows\system32\svchost.exe[3096] msvcrt.dll!_wopen 77120570 5 Bytes JMP 003D0011
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 000B0FE5
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 000B0FAF
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 000B0F9E
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 000B0040
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 000B0FD4
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 000B0F83
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 000B001B
.text C:\Windows\system32\svchost.exe[3096] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 000B0000
.text C:\Windows\system32\svchost.exe[3096] WS2_32.dll!socket 775A3EB8 5 Bytes JMP 00490FEF
.text C:\Windows\system32\svchost.exe[3144] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 0019000A
.text C:\Windows\system32\svchost.exe[3144] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 00190025
.text C:\Windows\system32\svchost.exe[3144] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00170F68
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 00170F10
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 00170F2B
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 0017002F
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00170080
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00170FA8
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00170065
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 00170EF5
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00170FB9
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 00170F57
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00170014
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00170040
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00170091
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00170FD4
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00170F3C
.text C:\Windows\system32\svchost.exe[3144] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00170F83
.text C:\Windows\system32\svchost.exe[3144] msvcrt.dll!_open 770E7E48 5 Bytes JMP 00180FE3
.text C:\Windows\system32\svchost.exe[3144] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 0018002F
.text C:\Windows\system32\svchost.exe[3144] msvcrt.dll!system 7711B16F 5 Bytes JMP 00180014
.text C:\Windows\system32\svchost.exe[3144] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 00180FB5
.text C:\Windows\system32\svchost.exe[3144] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 00180F9A
.text C:\Windows\system32\svchost.exe[3144] msvcrt.dll!_wopen 77120570 5 Bytes JMP 00180FC6
.text C:\Windows\system32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 00120FEF
.text C:\Windows\system32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 00120039
.text C:\Windows\system32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 00120065
.text C:\Windows\system32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 00120054
.text C:\Windows\system32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 0012000A
.text C:\Windows\system32\svchost.exe[3144] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 00120076
.text C:\Windows\system32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 00120FCD
.text C:\Windows\system32\svchost.exe[3144] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 00120FDE
.text C:\Windows\system32\svchost.exe[3204] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 00370000
.text C:\Windows\system32\svchost.exe[3204] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 00370FEF
.text C:\Windows\system32\svchost.exe[3204] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 00370025
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00350F46
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 00350F17
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 003500AC
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00350FA8
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00350039
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00350F6B
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00350028
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 00350EFC
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00350F97
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 0035008A
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00350FD4
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00350FE5
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00350F7C
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 0035006F
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00350FC3
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 0035009B
.text C:\Windows\system32\svchost.exe[3204] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 0035005E
.text C:\Windows\system32\svchost.exe[3204] msvcrt.dll!_open 770E7E48 5 Bytes JMP 00360FEF
.text C:\Windows\system32\svchost.exe[3204] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 0036003D
.text C:\Windows\system32\svchost.exe[3204] msvcrt.dll!system 7711B16F 5 Bytes JMP 00360FB2
.text C:\Windows\system32\svchost.exe[3204] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 00360FD4
.text C:\Windows\system32\svchost.exe[3204] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 00360FC3
.text C:\Windows\system32\svchost.exe[3204] msvcrt.dll!_wopen 77120570 5 Bytes JMP 0036000C
.text C:\Windows\system32\svchost.exe[3204] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 00340FEF
.text C:\Windows\system32\svchost.exe[3204] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 00340FC3
.text C:\Windows\system32\svchost.exe[3204] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 0034005B
.text C:\Windows\system32\svchost.exe[3204] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 0034004A
.text C:\Windows\system32\svchost.exe[3204] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 0034000A
.text C:\Windows\system32\svchost.exe[3204] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 00340F9E
.text C:\Windows\system32\svchost.exe[3204] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 00340FD4
.text C:\Windows\system32\svchost.exe[3204] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 00340025
.text C:\Windows\system32\svchost.exe[3204] WS2_32.dll!socket 775A3EB8 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[4348] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[4348] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 00040FC3
.text C:\Windows\system32\svchost.exe[4348] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 00040FDE
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00010F03
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 0001008E
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 0001007D
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00010F9E
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00010F3C
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 00010F68
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00010F57
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 000100B3
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00010F8D
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 0001000A
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00010062
.text C:\Windows\system32\svchost.exe[4348] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_open 770E7E48 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 00070F81
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!system 7711B16F 5 Bytes JMP 00070F9C
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 00070FC8
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 00070FB7
.text C:\Windows\system32\svchost.exe[4348] msvcrt.dll!_wopen 77120570 5 Bytes JMP 00070FE3
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 00160000
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 0016005B
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 00160FD4
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 00160076
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 0016001B
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 00160091
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 00160036
.text C:\Windows\system32\svchost.exe[4348] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 00160FE5
.text C:\Windows\system32\svchost.exe[4348] WS2_32.dll!socket 775A3EB8 5 Bytes JMP 00180FE5
.text C:\Windows\System32\svchost.exe[5848] ntdll.dll!NtCreateFile 774A55C8 5 Bytes JMP 00040FEF
.text C:\Windows\System32\svchost.exe[5848] ntdll.dll!NtCreateProcess 774A5698 5 Bytes JMP 00040000
.text C:\Windows\System32\svchost.exe[5848] ntdll.dll!NtProtectVirtualMemory 774A5F18 5 Bytes JMP 00040FD4
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!GetStartupInfoA 76101E10 5 Bytes JMP 00010F39
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!CreateProcessW 7610204D 5 Bytes JMP 000100B3
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!CreateProcessA 76102082 5 Bytes JMP 00010098
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!CreateNamedPipeW 76132D47 5 Bytes JMP 00010FB9
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!VirtualProtect 76142BCD 5 Bytes JMP 00010051
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!LoadLibraryExA 76144466 5 Bytes JMP 0001002F
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!LoadLibraryExW 76145079 5 Bytes JMP 00010040
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!GetProcAddress 7614CC94 5 Bytes JMP 00010F03
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!LoadLibraryA 7614DC65 5 Bytes JMP 00010FA8
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!GetStartupInfoW 7614E2DD 5 Bytes JMP 0001007D
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!CreateFileW 7614E8A5 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!CreateFileA 7614EA61 5 Bytes JMP 00010FE5
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!LoadLibraryW 7614EF42 5 Bytes JMP 00010F8D
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!CreatePipe 761612A6 5 Bytes JMP 00010F54
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!CreateNamedPipeA 7618DBA8 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!WinExec 7618EDB2 5 Bytes JMP 00010F1E
.text C:\Windows\System32\svchost.exe[5848] kernel32.dll!VirtualProtectEx 7618FD51 5 Bytes JMP 00010062
.text C:\Windows\System32\svchost.exe[5848] msvcrt.dll!_open 770E7E48 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[5848] msvcrt.dll!_wsystem 7711B04F 5 Bytes JMP 00070F92
.text C:\Windows\System32\svchost.exe[5848] msvcrt.dll!system 7711B16F 5 Bytes JMP 00070FAD
.text C:\Windows\System32\svchost.exe[5848] msvcrt.dll!_creat 7711ED29 5 Bytes JMP 0007001D
.text C:\Windows\System32\svchost.exe[5848] msvcrt.dll!_wcreat 7712038E 5 Bytes JMP 00070FC8
.text C:\Windows\System32\svchost.exe[5848] msvcrt.dll!_wopen 77120570 5 Bytes JMP 0007000C
.text C:\Windows\System32\svchost.exe[5848] ADVAPI32.dll!RegOpenKeyA 75B0CC15 5 Bytes JMP 00230000
.text C:\Windows\System32\svchost.exe[5848] ADVAPI32.dll!RegCreateKeyA 75B0CD01 5 Bytes JMP 00230036
.text C:\Windows\System32\svchost.exe[5848] ADVAPI32.dll!RegCreateKeyExA 75B11469 5 Bytes JMP 0023006C
.text C:\Windows\System32\svchost.exe[5848] ADVAPI32.dll!RegCreateKeyW 75B11514 5 Bytes JMP 00230051
.text C:\Windows\System32\svchost.exe[5848] ADVAPI32.dll!RegOpenKeyW 75B12459 5 Bytes JMP 00230FE5
.text C:\Windows\System32\svchost.exe[5848] ADVAPI32.dll!RegCreateKeyExW 75B140FE 5 Bytes JMP 00230FAF
.text C:\Windows\System32\svchost.exe[5848] ADVAPI32.dll!RegOpenKeyExW 75B1468D 5 Bytes JMP 00230FD4
.text C:\Windows\System32\svchost.exe[5848] ADVAPI32.dll!RegOpenKeyExA 75B14907 5 Bytes JMP 0023001B

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000008f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000008d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2ec54ce
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2ec54ce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Officejet 4500 G510n-z@ChangeID 1678461
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Officejet 4500 G510n-z (Copy 1)@ChangeID 1678492

---- EOF - GMER 1.0.15 ----

#3 HelpBot

  • Bots

Posted 19 January 2012 - 11:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/437900 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:08 AM

Posted 21 January 2012 - 10:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#5 ConfoundedX

Posted 22 January 2012 - 01:07 PM

Hi Nasdaq,

Welcome!

I ran TDSSKiller at the start when making my first post in Am I Infected. It found 4 suspicious .sys files as noted in that post.

netaapl.sys
PCASp50.sys
libusb0.sys

I deleted and replaced them. I'll attach a log tomorrow.

The MBR log was in my last topic with




aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-20 21:44:15
-----------------------------
21:44:15.283 OS Version: Windows 6.1.7601 Service Pack 1
21:44:15.283 Number of processors: 2 586 0xF0D
21:44:15.288 ComputerName: SAMSUNG-Q210 UserName: Medion
21:44:16.668 Initialize success
21:45:44.224 AVAST engine defs: 12011200
21:46:25.919 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:46:25.922 Disk 0 Vendor: SAMSUNG_HM320JI 2SS00_01 Size: 305245MB BusType: 3
21:46:25.966 Disk 0 MBR read successfully
21:46:25.971 Disk 0 MBR scan
21:46:25.985 Disk 0 unknown MBR code
21:46:26.003 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
21:46:26.020 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147456 MB offset 20973568
21:46:26.049 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147547 MB offset 322963456
21:46:26.061 Disk 0 scanning sectors +625139712
21:46:26.137 Disk 0 scanning C:\Windows\system32\drivers
21:46:57.568 Service scanning
21:46:59.822 Modules scanning
21:47:14.386 Disk 0 trace - called modules:
21:47:14.416 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys ndis.sys
21:47:14.433 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870b03b8]
21:47:14.440 3 CLASSPNP.SYS[8d2bd59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86bd8030]
21:47:15.079 AVAST engine scan C:\
00:03:23.531 Disk 0 MBR has been saved successfully to "C:\Users\Medion\Desktop\BLEEDING\MBR.dat"
00:03:23.619 The log file has been saved successfully to "C:\Users\Medion\Desktop\BLEEDING\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-13 00:46:49
-----------------------------
00:46:49.729 OS Version: Windows 6.1.7601 Service Pack 1
00:46:49.729 Number of processors: 2 586 0xF0D
00:46:49.729 ComputerName: SAMSUNG-Q210 UserName: Medion
00:46:50.415 Initialize success
00:46:57.419 AVAST engine defs: 12011200
00:47:01.101 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:47:01.101 Disk 0 Vendor: SAMSUNG_HM320JI 2SS00_01 Size: 305245MB BusType: 3
00:47:01.195 Disk 0 MBR read successfully
00:47:01.195 Disk 0 MBR scan
00:47:01.195 Disk 0 unknown MBR code
00:47:01.226 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
00:47:01.273 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147456 MB offset 20973568
00:47:01.304 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147547 MB offset 322963456
00:47:01.304 Disk 0 scanning sectors +625139712
00:47:01.413 Disk 0 scanning C:\Windows\system32\drivers
00:47:23.565 Service scanning
00:47:25.172 Modules scanning
00:47:33.565 Disk 0 trace - called modules:
00:47:33.580 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
00:47:33.580 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a4030]
00:47:33.580 3 CLASSPNP.SYS[8c2d159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85bd0908]
00:47:34.781 AVAST engine scan C:\Windows
00:47:39.430 AVAST engine scan C:\Windows\system32
00:51:35.615 AVAST engine scan C:\Windows\system32\drivers
00:51:52.775 AVAST engine scan C:\Users\Medion
02:10:50.987 AVAST engine scan C:\ProgramData
02:15:17.747 Scan finished successfully
10:58:52.224 Disk 0 MBR has been saved successfully to "C:\Users\Medion\Desktop\BLEEDING\MBR.dat"
10:58:52.271 The log file has been saved successfully to "C:\Users\Medion\Desktop\BLEEDING\aswMBR.txt"

You can refer to the thread in the topic started before referral here for this problem for more information. http://www.bleepingcomputer.com/forums/topic437578.html/page__p__2549361__fromsearch__1#entry2549361

What I can tell you is that I am running Trusteer Rapport, as recommended by my Bank, to protect browsing, when in protected mode. The console shows that when accessing my Bank Login page that screen capture attempts are being blocked, by various legit ? programs on my PC like MS Outlook 2007, and others, and that keylogging attempts are being blocked if any entry is made.

When I start Outlook the program messages me, asking about trusting an 'untrusted' server. The details show the certificate called 'localhost' on 127.0.0.1 and identity postmaster@example.com. Weird but it's been happening for over a month. Never seen it before. If I do not trust it, it comes back. If I edit and change permissions, it comes back again asking with full permission enabled.
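The two aswMBR runs posted above can be compared mechanically before a helper reads them. The following is an added example, not part of the original post or of aswMBR itself: it pulls the run date, the MBR verdict line and the disk-trace module chain out of each log and reports what differs between runs. The function names and the summary fields are assumptions made for this example; the log lines are excerpts copied from the two logs above.

```python
import re

# Excerpts copied from the two aswMBR logs in the post above
# (lines not needed for the comparison are omitted).
LOG_JAN13 = """\
Run date: 2012-01-13 00:46:49
00:47:01.195 Disk 0 MBR read successfully
00:47:01.195 Disk 0 MBR scan
00:47:01.195 Disk 0 unknown MBR code
00:47:33.565 Disk 0 trace - called modules:
00:47:33.580 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
02:15:17.747 Scan finished successfully
"""

LOG_JAN20 = """\
Run date: 2012-01-20 21:44:15
21:46:25.966 Disk 0 MBR read successfully
21:46:25.971 Disk 0 MBR scan
21:46:25.985 Disk 0 unknown MBR code
21:47:14.386 Disk 0 trace - called modules:
21:47:14.416 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys ndis.sys
"""

# aswMBR body lines start with HH:MM:SS.mmm followed by the message.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")


def summarize(log_text):
    """Extract the fields a reviewer compares between runs."""
    summary = {"run_date": None, "mbr_status": [],
               "called_modules": [], "finished": False}
    expect_modules = False
    for raw in log_text.splitlines():
        raw = raw.strip()
        if raw.startswith("Run date:"):
            summary["run_date"] = raw.split(":", 1)[1].strip()
            continue
        match = LINE_RE.match(raw)
        if not match:
            continue
        msg = match.group(2)
        if expect_modules:
            # The module chain is the line right after the trace header.
            summary["called_modules"] = msg.split()
            expect_modules = False
        elif msg.endswith("trace - called modules:"):
            expect_modules = True
        elif "MBR code" in msg:
            summary["mbr_status"].append(msg)
        elif msg == "Scan finished successfully":
            summary["finished"] = True
    return summary


def compare_runs(older, newer):
    """Report differences between two summaries; it does not judge them."""
    old_mods = [m.lower() for m in older["called_modules"]]
    new_mods = [m.lower() for m in newer["called_modules"]]
    return {
        "modules_added": [m for m in new_mods if m not in old_mods],
        "modules_removed": [m for m in old_mods if m not in new_mods],
        "mbr_status_same": older["mbr_status"] == newer["mbr_status"],
        "both_finished": older["finished"] and newer["finished"],
    }


if __name__ == "__main__":
    # Run dates are in YYYY-MM-DD order, so sorting the strings sorts the runs.
    runs = sorted((summarize(LOG_JAN13), summarize(LOG_JAN20)),
                  key=lambda s: s["run_date"])
    for key, value in compare_runs(runs[0], runs[1]).items():
        print(f"{key}: {value}")
```

The output is a list of differences to raise with the helper, not a verdict on whether the machine is infected.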

#6 nasdaq

Posted 22 January 2012 - 02:53 PM

::1 localhost
74.208.10.249 gs.apple.com

127.0.0.1 localhost

If this is the content of your host file you change it to

127.0.0.1 localhost
::1 localhost

74.208.10.249 gs.apple.com



Add this line only if you need it for iTunes.

Make sure you save the file after the change is done.

You will find the file in one of these folders.
Windows 7 - 32 bit C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
Windows 7 - 64 bit C:\WINDOWS\SYSTEM32\sysWOW32\ETC\HOSTS

Restart the computer and let me know what problem persists.
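The hosts-file review described in the post above can also be run as a script. This is an added example, not part of the original thread: it reads hosts-file text and reports every entry other than the plain loopback localhost lines, so a line such as the gs.apple.com one is surfaced for a keep-or-remove decision. The category names and the LOCAL_NAMES set are assumptions made for this example.

```python
import ipaddress
import sys

# Hosts content as quoted in the post above.
PAGE_HOSTS = """\
::1 localhost
74.208.10.249 gs.apple.com

127.0.0.1 localhost
"""

# Assumption for this example: names that are expected to resolve to loopback.
LOCAL_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, category, detail) for every entry that is not a plain
    loopback mapping of a local name.

    Categories (names chosen for this example):
      redirect          - a real hostname forced to a non-loopback address
      sinkhole          - a real hostname forced to loopback or 0.0.0.0
      localhost-hijack  - a local name pointed away from loopback
      malformed         - first field is not an IP address
    """
    findings = []
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", line))
            continue
        for name in fields[1:]:
            detail = f"{name} -> {ip}"
            if name.lower() in LOCAL_NAMES:
                if not ip.is_loopback:
                    findings.append((line_no, "localhost-hijack", detail))
            elif ip.is_loopback or ip.is_unspecified:
                findings.append((line_no, "sinkhole", detail))
            else:
                findings.append((line_no, "redirect", detail))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the quoted sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            content = fh.read()
    else:
        content = PAGE_HOSTS
    for line_no, category, detail in audit_hosts(content):
        print(f"line {line_no}: {category}: {detail}")
```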

#7 ConfoundedX

Posted 23 January 2012 - 11:28 AM

Hi Nasdaq,

Interesting! I have been getting an email server request to trust an untrusted localhost certificate that is outdated in 2009. It's been happening for a couple months.
Checking the certificate details it enables every aspect of security. Can I trust it?

I have reset the hosts file. But please can you read the activity about this problem when I was referred to this section.
http://www.bleepingcomputer.com/forums/topic437578.html/page__pid__2555951__st__15#entry2555951

The Trusteer Rapport console shows the screen shot and keylogging attempts are being blocked when logging into a trusted site when it is active. When doing the same on a clean PC this does not happen.
Also please note that on every reboot I am showing an IP address in my LAN PROXY settings, but it is not enabled now.

This PC was on the same Network as a very compromised PC that resulted in Bank Fraud. What else can we run to check it? How does the GMER Log look?

Here is another TDSSKiller Log from today. Only suspicious file is PCASp50.sys which only shows when (x) Verify Digital Signatures and (x) Detect TDLS is marked.
This file seems to be related to NDIS Ethernet access drivers and as third party driver file. I quarantined it and deleted. But may need to restore.




13:51:21.0667 5804 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
13:51:23.0700 5804 ============================================================
13:51:23.0701 5804 Current date / time: 2012/01/23 13:51:23.0700
13:51:23.0701 5804 SystemInfo:
13:51:23.0701 5804
13:51:23.0701 5804 OS Version: 6.1.7601 ServicePack: 1.0
13:51:23.0701 5804 Product type: Workstation
13:51:23.0701 5804 ComputerName: SAMSUNG-Q210
13:51:23.0709 5804 UserName: Medion
13:51:23.0709 5804 Windows directory: C:\Windows
13:51:23.0709 5804 System windows directory: C:\Windows
13:51:23.0709 5804 Processor architecture: Intel x86
13:51:23.0709 5804 Number of processors: 2
13:51:23.0709 5804 Page size: 0x1000
13:51:23.0709 5804 Boot type: Normal boot
13:51:23.0709 5804 ============================================================
13:51:26.0684 5804 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:51:26.0710 5804 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:51:26.0714 5804 Drive \Device\Harddisk2\DR2 - Size: 0x7820000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:51:26.0894 5804 Initialize success
13:51:39.0532 1740 ============================================================
13:51:39.0532 1740 Scan started
13:51:39.0532 1740 Mode: Manual;
13:51:39.0532 1740 ============================================================
13:51:59.0251 1740 nfrd960 - ok
13:51:59.0307 1740 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:51:59.0313 1740 Npfs - ok
13:51:59.0342 1740 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:51:59.0349 1740 nsiproxy - ok
13:51:59.0435 1740 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
13:51:59.0523 1740 Ntfs - ok
13:51:59.0563 1740 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:51:59.0567 1740 Null - ok
13:51:59.0609 1740 NVHDA (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys
13:51:59.0677 1740 NVHDA - ok
13:52:00.0022 1740 nvlddmkm (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:52:00.0529 1740 nvlddmkm - ok
13:52:00.0690 1740 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
13:52:00.0765 1740 nvraid - ok
13:52:00.0812 1740 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
13:52:00.0920 1740 nvstor - ok
13:52:00.0968 1740 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:52:00.0974 1740 nv_agp - ok
13:52:01.0041 1740 NWDellModem (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwdelmdm.sys
13:52:01.0099 1740 NWDellModem - ok
13:52:01.0155 1740 NWDellPort (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwdelser.sys
13:52:01.0239 1740 NWDellPort - ok
13:52:01.0276 1740 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:52:01.0284 1740 ohci1394 - ok
13:52:01.0358 1740 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:52:01.0367 1740 Parport - ok
13:52:01.0431 1740 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:52:01.0537 1740 partmgr - ok
13:52:01.0568 1740 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:52:01.0572 1740 Parvdm - ok
13:52:01.0621 1740 PCASp50 (803c8e7f4d00fe832c1f3871514fec85) C:\Windows\system32\drivers\PCASp50.sys
13:52:01.0720 1740 PCASp50 - ok
13:52:01.0788 1740 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:52:01.0852 1740 pci - ok
13:52:01.0875 1740 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:52:01.0880 1740 pciide - ok
13:52:01.0936 1740 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:52:01.0949 1740 pcmcia - ok
13:52:02.0003 1740 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:52:02.0008 1740 pcw - ok
13:52:02.0068 1740 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:52:02.0084 1740 PEAUTH - ok
13:52:02.0211 1740 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
13:52:02.0266 1740 Point32 - ok
13:52:02.0333 1740 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:52:02.0338 1740 PptpMiniport - ok
13:52:02.0386 1740 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:52:02.0393 1740 Processor - ok
13:52:02.0459 1740 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:52:02.0461 1740 Psched - ok
13:52:02.0569 1740 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:52:02.0601 1740 ql2300 - ok
13:52:02.0648 1740 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:52:02.0654 1740 ql40xx - ok
13:52:02.0710 1740 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:52:02.0715 1740 QWAVEdrv - ok
13:52:02.0917 1740 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
13:52:03.0018 1740 RapportCerberus_34302 - ok
13:52:03.0136 1740 RapportEI (ef909a5f9479517546ded3c74e1b564d) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
13:52:03.0140 1740 RapportEI - ok
13:52:03.0284 1740 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
13:52:03.0289 1740 RapportIaso - ok
13:52:03.0434 1740 RapportKELL (11c9bfb625c22142ca76832b2e8b3d9b) C:\Windows\system32\Drivers\RapportKELL.sys
13:52:03.0541 1740 RapportKELL - ok
13:52:03.0657 1740 RapportPG (f4777db2f3b8f1de0ba18d6e3b2340ca) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
13:52:03.0662 1740 RapportPG - ok
13:52:03.0734 1740 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:52:03.0746 1740 RasAcd - ok
13:52:03.0823 1740 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:52:03.0836 1740 RasAgileVpn - ok
13:52:03.0904 1740 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:52:03.0911 1740 Rasl2tp - ok
13:52:03.0965 1740 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:52:03.0972 1740 RasPppoe - ok
13:52:04.0024 1740 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:52:04.0030 1740 RasSstp - ok
13:52:04.0106 1740 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:52:04.0215 1740 rdbss - ok
13:52:04.0259 1740 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:52:04.0263 1740 rdpbus - ok
13:52:04.0333 1740 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:52:04.0406 1740 RDPCDD - ok
13:52:04.0451 1740 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:52:04.0509 1740 RDPDR - ok
13:52:04.0561 1740 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:52:04.0567 1740 RDPENCDD - ok
13:52:04.0625 1740 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:52:04.0636 1740 RDPREFMP - ok
13:52:04.0700 1740 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
13:52:04.0754 1740 RdpVideoMiniport - ok
13:52:04.0806 1740 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
13:52:04.0928 1740 RDPWD - ok
13:52:04.0979 1740 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:52:05.0089 1740 rdyboost - ok
13:52:05.0206 1740 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:52:05.0215 1740 RFCOMM - ok
13:52:05.0288 1740 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:52:05.0295 1740 rspndr - ok
13:52:05.0348 1740 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:52:05.0405 1740 s3cap - ok
13:52:05.0457 1740 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:52:05.0565 1740 sbp2port - ok
13:52:05.0635 1740 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:52:05.0698 1740 scfilter - ok
13:52:05.0769 1740 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:52:05.0773 1740 secdrv - ok
13:52:05.0842 1740 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:52:05.0847 1740 Serenum - ok
13:52:05.0902 1740 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:52:05.0907 1740 Serial - ok
13:52:05.0960 1740 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:52:05.0963 1740 sermouse - ok
13:52:06.0047 1740 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
13:52:06.0051 1740 sffdisk - ok
13:52:06.0113 1740 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:52:06.0126 1740 sffp_mmc - ok
13:52:06.0181 1740 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:52:06.0233 1740 sffp_sd - ok
13:52:06.0283 1740 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:52:06.0289 1740 sfloppy - ok
13:52:06.0373 1740 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:52:06.0380 1740 sisagp - ok
13:52:06.0429 1740 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:52:06.0435 1740 SiSRaid2 - ok
13:52:06.0490 1740 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:52:06.0497 1740 SiSRaid4 - ok
13:52:06.0566 1740 SmartDefragDriver (bf302072dc8374cf4e118fd88aa817a2) C:\Windows\system32\Drivers\SmartDefragDriver.sys
13:52:06.0798 1740 SmartDefragDriver - ok
13:52:06.0904 1740 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:52:06.0912 1740 Smb - ok
13:52:07.0022 1740 snapman (bd3863c139f3380a9f44fb188feefc6e) C:\Windows\system32\DRIVERS\snapman.sys
13:52:07.0091 1740 snapman - ok
13:52:07.0225 1740 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:52:07.0231 1740 spldr - ok
13:52:07.0323 1740 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:52:07.0444 1740 srv - ok
13:52:07.0480 1740 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:52:07.0592 1740 srv2 - ok
13:52:07.0636 1740 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:52:07.0756 1740 srvnet - ok
13:52:07.0812 1740 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:52:07.0818 1740 stexstor - ok
13:52:07.0876 1740 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
13:52:07.0878 1740 StillCam - ok
13:52:07.0987 1740 StkCMini (ab80c9dde1f8d9f9f946365205ed55eb) C:\Windows\system32\Drivers\StkCMini.sys
13:52:08.0141 1740 StkCMini - ok
13:52:08.0212 1740 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:52:08.0287 1740 storflt - ok
13:52:08.0337 1740 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:52:08.0391 1740 storvsc - ok
13:52:08.0456 1740 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:52:08.0464 1740 swenum - ok
13:52:08.0526 1740 Synth3dVsc - ok
13:52:08.0592 1740 SynTP (069e5728e565bd401347cb94732c4733) C:\Windows\system32\DRIVERS\SynTP.sys
13:52:08.0674 1740 SynTP - ok
13:52:08.0801 1740 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
13:52:08.0886 1740 Tcpip - ok
13:52:08.0927 1740 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
13:52:08.0937 1740 TCPIP6 - ok
13:52:09.0008 1740 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:52:09.0125 1740 tcpipreg - ok
13:52:09.0187 1740 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:52:09.0285 1740 TDPIPE - ok
13:52:09.0335 1740 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
13:52:09.0459 1740 TDTCP - ok
13:52:09.0522 1740 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:52:09.0643 1740 tdx - ok
13:52:09.0717 1740 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:52:09.0807 1740 TermDD - ok
13:52:09.0925 1740 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:52:10.0040 1740 tssecsrv - ok
13:52:10.0116 1740 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:52:10.0193 1740 TsUsbFlt - ok
13:52:10.0212 1740 tsusbhub - ok
13:52:10.0277 1740 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:52:10.0336 1740 tunnel - ok
13:52:10.0388 1740 U2SP (228d8e60bc9c5238587b0bf1654ec580) C:\Windows\system32\DRIVERS\u2s2kxp.sys
13:52:10.0461 1740 U2SP - ok
13:52:10.0515 1740 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:52:10.0520 1740 uagp35 - ok
13:52:10.0584 1740 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:52:10.0642 1740 udfs - ok
13:52:10.0730 1740 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:52:10.0738 1740 uliagpkx - ok
13:52:10.0773 1740 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
13:52:10.0825 1740 umbus - ok
13:52:10.0863 1740 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:52:10.0867 1740 UmPass - ok
13:52:11.0110 1740 UrlFilter (b848f444340ab5eb8d8773b0ff4e0547) C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys
13:52:11.0230 1740 UrlFilter - ok
13:52:11.0309 1740 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:52:11.0408 1740 USBAAPL - ok
13:52:11.0472 1740 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
13:52:11.0526 1740 usbaudio - ok
13:52:11.0600 1740 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
13:52:11.0669 1740 usbccgp - ok
13:52:11.0736 1740 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:52:11.0742 1740 usbcir - ok
13:52:11.0796 1740 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
13:52:11.0896 1740 usbehci - ok
13:52:11.0948 1740 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
13:52:12.0055 1740 usbhub - ok
13:52:12.0110 1740 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
13:52:12.0114 1740 usbohci - ok
13:52:12.0181 1740 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:52:12.0189 1740 usbprint - ok
13:52:12.0249 1740 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
13:52:12.0257 1740 usbscan - ok
13:52:12.0321 1740 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:52:12.0436 1740 USBSTOR - ok
13:52:12.0489 1740 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
13:52:12.0493 1740 usbuhci - ok
13:52:12.0567 1740 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
13:52:12.0581 1740 usb_rndisx - ok
13:52:12.0707 1740 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:52:12.0717 1740 vdrvroot - ok
13:52:12.0789 1740 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:52:12.0810 1740 vga - ok
13:52:12.0851 1740 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:52:12.0859 1740 VgaSave - ok
13:52:12.0879 1740 VGPU - ok
13:52:12.0930 1740 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:52:12.0998 1740 vhdmp - ok
13:52:13.0035 1740 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:52:13.0043 1740 viaagp - ok
13:52:13.0075 1740 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:52:13.0079 1740 ViaC7 - ok
13:52:13.0139 1740 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:52:13.0143 1740 viaide - ok
13:52:13.0182 1740 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:52:13.0244 1740 vmbus - ok
13:52:13.0278 1740 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:52:13.0329 1740 VMBusHID - ok
13:52:13.0365 1740 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:52:13.0419 1740 volmgr - ok
13:52:13.0462 1740 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:52:13.0474 1740 volmgrx - ok
13:52:13.0537 1740 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:52:13.0597 1740 volsnap - ok
13:52:13.0677 1740 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:52:13.0684 1740 vsmraid - ok
13:52:13.0750 1740 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:52:13.0754 1740 vwifibus - ok
13:52:13.0808 1740 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:52:13.0815 1740 vwififlt - ok
13:52:13.0866 1740 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
13:52:13.0871 1740 vwifimp - ok
13:52:13.0944 1740 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:52:13.0950 1740 WacomPen - ok
13:52:14.0016 1740 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:52:14.0123 1740 WANARP - ok
13:52:14.0135 1740 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:52:14.0137 1740 Wanarpv6 - ok
13:52:14.0240 1740 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:52:14.0244 1740 Wd - ok
13:52:14.0316 1740 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:52:14.0331 1740 Wdf01000 - ok
13:52:14.0478 1740 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:52:14.0482 1740 WfpLwf - ok
13:52:14.0503 1740 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:52:14.0508 1740 WIMMount - ok
13:52:14.0635 1740 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:52:14.0688 1740 WinUsb - ok
13:52:14.0749 1740 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:52:14.0756 1740 WmiAcpi - ok
13:52:14.0841 1740 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:52:14.0846 1740 ws2ifsl - ok
13:52:14.0892 1740 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:52:14.0894 1740 WSDPrintDevice - ok
13:52:14.0992 1740 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:52:15.0111 1740 WudfPf - ok
13:52:15.0149 1740 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:52:15.0253 1740 WUDFRd - ok
13:52:15.0367 1740 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
13:52:15.0500 1740 yukonw7 - ok
13:52:15.0566 1740 ZSMC301b (1e41295eac56589efd9dc3ca14bf3fec) C:\Windows\system32\Drivers\usbVM31b.sys
13:52:15.0633 1740 ZSMC301b - ok
13:52:15.0711 1740 MBR (0x1B8) (7efe35d60f81b18be2fcd6513e1175d9) \Device\Harddisk0\DR0
13:52:16.0089 1740 \Device\Harddisk0\DR0 - ok
13:52:16.0096 1740 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:52:16.0103 1740 \Device\Harddisk1\DR1 - ok
13:52:16.0114 1740 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
13:52:16.0121 1740 \Device\Harddisk2\DR2 - ok
13:52:16.0127 1740 Boot (0x1200) (ed0e6fe9785adefc98170fc46b481d40) \Device\Harddisk0\DR0\Partition0
13:52:16.0128 1740 \Device\Harddisk0\DR0\Partition0 - ok
13:52:16.0159 1740 Boot (0x1200) (2102c7fb9b19041d9fa9e0b39223eeef) \Device\Harddisk0\DR0\Partition1
13:52:16.0160 1740 \Device\Harddisk0\DR0\Partition1 - ok
13:52:16.0164 1740 Boot (0x1200) (573edd1b03f7ce865e5b750bd5b49bca) \Device\Harddisk1\DR1\Partition0
13:52:16.0167 1740 \Device\Harddisk1\DR1\Partition0 - ok
13:52:16.0172 1740 Boot (0x1200) (027859e171d3a4811f1bff22a5385c06) \Device\Harddisk1\DR1\Partition1
13:52:16.0173 1740 \Device\Harddisk1\DR1\Partition1 - ok
13:52:16.0179 1740 Boot (0x1200) (8099e4443a6b096edb944fbb523a37c3) \Device\Harddisk1\DR1\Partition2
13:52:16.0180 1740 \Device\Harddisk1\DR1\Partition2 - ok
13:52:16.0186 1740 Boot (0x1200) (3e82b283fd533d18823932f656bec7f1) \Device\Harddisk1\DR1\Partition3
13:52:16.0188 1740 \Device\Harddisk1\DR1\Partition3 - ok
13:52:16.0194 1740 Boot (0x1200) (b35f307ae7de793ff4cc710a86ac446c) \Device\Harddisk2\DR2\Partition0
13:52:16.0195 1740 \Device\Harddisk2\DR2\Partition0 - ok
13:52:16.0196 1740 ============================================================
13:52:16.0196 1740 Scan finished
13:52:16.0196 1740 ============================================================
13:52:16.0212 7444 Detected object count: 0
13:52:16.0212 7444 Actual detected object count: 0
13:52:29.0735 7440 ============================================================
13:52:29.0735 7440 Scan started
13:52:29.0735 7440 Mode: Manual; SigCheck; TDLFS;
13:52:29.0735 7440 ============================================================
13:52:39.0548 7440 HDAudBus - ok
13:52:39.0564 7440 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:52:39.0604 7440 HidBatt - ok
13:52:39.0646 7440 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:52:39.0702 7440 HidBth - ok
13:52:39.0738 7440 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:52:39.0797 7440 HidIr - ok
13:52:39.0860 7440 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
13:52:39.0903 7440 HidUsb - ok
13:52:39.0966 7440 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:52:39.0984 7440 HpSAMD - ok
13:52:40.0070 7440 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:52:40.0133 7440 HTTP - ok
13:52:40.0185 7440 hugoio (7deccb2612255f4b538976ad25da0d29) C:\Windows\system32\drivers\hugoio.sys
13:52:40.0199 7440 hugoio - ok
13:52:40.0268 7440 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:52:40.0296 7440 hwpolicy - ok
13:52:40.0344 7440 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:52:40.0394 7440 i8042prt - ok
13:52:40.0445 7440 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
13:52:40.0467 7440 iaStorV - ok
13:52:40.0533 7440 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:52:40.0551 7440 iirsp - ok
13:52:40.0681 7440 IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
13:52:40.0741 7440 IntcAzAudAddService - ok
13:52:40.0796 7440 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:52:40.0827 7440 intelide - ok
13:52:40.0875 7440 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:52:40.0918 7440 intelppm - ok
13:52:40.0974 7440 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:52:41.0029 7440 IpFilterDriver - ok
13:52:41.0091 7440 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:52:41.0141 7440 IPMIDRV - ok
13:52:41.0183 7440 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:52:41.0239 7440 IPNAT - ok
13:52:41.0285 7440 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:52:41.0314 7440 IRENUM - ok
13:52:41.0385 7440 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:52:41.0403 7440 isapnp - ok
13:52:41.0453 7440 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:52:41.0488 7440 iScsiPrt - ok
13:52:41.0529 7440 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:52:41.0548 7440 kbdclass - ok
13:52:41.0597 7440 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
13:52:41.0640 7440 kbdhid - ok
13:52:41.0695 7440 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
13:52:41.0742 7440 KMDFMEMIO - ok
13:52:41.0789 7440 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
13:52:41.0807 7440 KSecDD - ok
13:52:41.0865 7440 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
13:52:41.0887 7440 KSecPkg - ok
13:52:41.0969 7440 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:52:41.0985 7440 LHidFilt - ok
13:52:42.0048 7440 libusb0 (b716d4d759663bc4174fd0a379da8e50) C:\Windows\system32\drivers\libusb0.sys
13:52:42.0086 7440 libusb0 - ok
13:52:42.0148 7440 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:52:42.0212 7440 lltdio - ok
13:52:42.0239 7440 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:52:42.0254 7440 LMouFilt - ok
13:52:42.0302 7440 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:52:42.0321 7440 LSI_FC - ok
13:52:42.0504 7440 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:52:42.0536 7440 LSI_SAS - ok
13:52:42.0561 7440 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:52:42.0580 7440 LSI_SAS2 - ok
13:52:42.0610 7440 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:52:42.0628 7440 LSI_SCSI - ok
13:52:42.0661 7440 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:52:42.0718 7440 luafv - ok
13:52:42.0759 7440 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
13:52:42.0773 7440 LUsbFilt - ok
13:52:42.0835 7440 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
13:52:42.0850 7440 MBAMProtector - ok
13:52:43.0087 7440 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:52:43.0114 7440 megasas - ok
13:52:43.0148 7440 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:52:43.0172 7440 MegaSR - ok
13:52:43.0221 7440 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
13:52:43.0241 7440 mfeapfk - ok
13:52:43.0313 7440 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
13:52:43.0344 7440 mfeavfk - ok
13:52:43.0360 7440 mfeavfk01 - ok
13:52:43.0406 7440 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
13:52:43.0421 7440 mfebopk - ok
13:52:43.0461 7440 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
13:52:43.0480 7440 mfefirek - ok
13:52:43.0526 7440 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
13:52:43.0548 7440 mfehidk - ok
13:52:43.0614 7440 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
13:52:43.0642 7440 mfenlfk - ok
13:52:43.0676 7440 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
13:52:43.0692 7440 mferkdet - ok
13:52:43.0746 7440 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
13:52:43.0762 7440 mfewfpk - ok
13:52:43.0834 7440 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:52:43.0905 7440 Modem - ok
13:52:44.0056 7440 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:52:44.0107 7440 monitor - ok
13:52:44.0175 7440 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:52:44.0195 7440 mouclass - ok
13:52:44.0241 7440 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:52:44.0304 7440 mouhid - ok
13:52:44.0362 7440 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:52:44.0380 7440 mountmgr - ok
13:52:44.0456 7440 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:52:44.0492 7440 mpio - ok
13:52:44.0543 7440 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:52:44.0609 7440 mpsdrv - ok
13:52:44.0662 7440 MREMP50 - ok
13:52:44.0679 7440 MREMPR5 - ok
13:52:44.0695 7440 MRENDIS5 - ok
13:52:44.0704 7440 MRESP50 - ok
13:52:44.0772 7440 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:52:44.0867 7440 MRxDAV - ok
13:52:44.0931 7440 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:52:44.0992 7440 mrxsmb - ok
13:52:45.0049 7440 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:52:45.0084 7440 mrxsmb10 - ok
13:52:45.0135 7440 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:52:45.0184 7440 mrxsmb20 - ok
13:52:45.0237 7440 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:52:45.0254 7440 msahci - ok
13:52:45.0316 7440 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:52:45.0352 7440 msdsm - ok
13:52:45.0432 7440 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:52:45.0489 7440 Msfs - ok
13:52:45.0539 7440 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:52:45.0609 7440 mshidkmdf - ok
13:52:45.0654 7440 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:52:45.0684 7440 msisadrv - ok
13:52:45.0742 7440 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:52:45.0801 7440 MSKSSRV - ok
13:52:45.0847 7440 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:52:45.0907 7440 MSPCLOCK - ok
13:52:45.0954 7440 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:52:45.0991 7440 MSPQM - ok
13:52:46.0048 7440 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:52:46.0067 7440 MsRPC - ok
13:52:46.0144 7440 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:52:46.0161 7440 mssmbios - ok
13:52:46.0178 7440 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:52:46.0227 7440 MSTEE - ok
13:52:46.0271 7440 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:52:46.0293 7440 MTConfig - ok
13:52:46.0340 7440 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:52:46.0374 7440 Mup - ok
13:52:46.0435 7440 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:52:46.0461 7440 NativeWifiP - ok
13:52:46.0545 7440 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:52:46.0581 7440 NDIS - ok
13:52:46.0629 7440 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:52:46.0737 7440 NdisCap - ok
13:52:46.0775 7440 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:52:46.0836 7440 NdisTapi - ok
13:52:46.0890 7440 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:52:46.0944 7440 Ndisuio - ok
13:52:47.0007 7440 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:52:47.0045 7440 NdisWan - ok
13:52:47.0114 7440 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:52:47.0158 7440 NDProxy - ok
13:52:47.0232 7440 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
13:52:47.0333 7440 Netaapl - ok
13:52:47.0401 7440 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:52:47.0465 7440 NetBIOS - ok
13:52:47.0531 7440 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:52:47.0614 7440 NetBT - ok
13:52:47.0702 7440 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:52:47.0719 7440 nfrd960 - ok
13:52:47.0759 7440 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:52:47.0845 7440 Npfs - ok
13:52:47.0892 7440 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:52:47.0955 7440 nsiproxy - ok
13:52:48.0038 7440 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
13:52:48.0077 7440 Ntfs - ok
13:52:48.0102 7440 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:52:48.0160 7440 Null - ok
13:52:48.0214 7440 NVHDA (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys
13:52:48.0230 7440 NVHDA - ok
13:52:48.0608 7440 nvlddmkm (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:52:48.0838 7440 nvlddmkm - ok
13:52:48.0997 7440 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
13:52:49.0017 7440 nvraid - ok
13:52:49.0076 7440 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
13:52:49.0095 7440 nvstor - ok
13:52:49.0155 7440 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:52:49.0175 7440 nv_agp - ok
13:52:49.0260 7440 NWDellModem (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwdelmdm.sys
13:52:49.0349 7440 NWDellModem - ok
13:52:49.0419 7440 NWDellPort (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwdelser.sys
13:52:49.0437 7440 NWDellPort - ok
13:52:49.0497 7440 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:52:49.0555 7440 ohci1394 - ok
13:52:49.0634 7440 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:52:49.0662 7440 Parport - ok
13:52:49.0728 7440 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:52:49.0755 7440 partmgr - ok
13:52:49.0810 7440 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:52:49.0854 7440 Parvdm - ok
13:52:49.0907 7440 PCASp50 (803c8e7f4d00fe832c1f3871514fec85) C:\Windows\system32\drivers\PCASp50.sys
13:52:49.0929 7440 PCASp50 ( UnsignedFile.Multi.Generic ) - warning
13:52:49.0929 7440 PCASp50 - detected UnsignedFile.Multi.Generic (1)
13:53:07.0226 7440 ============================================================
13:53:07.0227 7440 Scan finished
13:53:07.0227 7440 ============================================================
13:53:07.0239 1576 Detected object count: 1
13:53:07.0239 1576 Actual detected object count: 1
14:02:29.0404 1576 C:\Windows\system32\drivers\PCASp50.sys - copied to quarantine
14:02:29.0612 1576 PCASp50 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
15:09:24.0796 3240 Deinitialize success
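
An added example, not part of the original thread and not code from the scanning tool: a small Python triage of a log in the layout posted above, listing every scanned object that never received an "- ok" line along with the recorded quarantine actions. The sample lines are constructed on the post's format with placeholder hashes, and the line patterns are assumptions drawn only from the lines visible in this post.

```python
import re

# Constructed sample in the layout of the log above; the hashes are placeholders.
SAMPLE_LOG = r"""
13:53:05.0903 7440 yukonw7 (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\yk62x86.sys
13:53:05.0975 7440 yukonw7 - ok
13:53:06.0001 7440 PCASp50 (00000000000000000000000000000002) C:\Windows\system32\drivers\PCASp50.sys
13:53:06.0180 7440 MBR (0x1B8) (00000000000000000000000000000003) \Device\Harddisk0\DR0
13:53:06.0778 7440 \Device\Harddisk0\DR0 - ok
13:53:07.0239 1576 Detected object count: 1
14:02:29.0404 1576 C:\Windows\system32\drivers\PCASp50.sys - copied to quarantine
14:02:29.0612 1576 PCASp50 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

# Assumed line shapes: "<time> <thread id> <message>"
ENTRY = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (.*)$")
SCANNED = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")   # name (md5) path
ACTION = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")

def triage(log_text):
    """Return the objects that were scanned but never marked ok, plus actions."""
    scanned, cleared = [], set()
    result = {"reported_count": None, "quarantined": [], "actions": []}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # not a log entry (blank line, pasted forum text)
        msg = m.group(1)
        if msg.endswith(" - ok"):
            # The ok line names either the service or, for MBR/boot, the device.
            cleared.add(msg[:-len(" - ok")])
        elif msg.endswith(" - copied to quarantine"):
            result["quarantined"].append(msg[:-len(" - copied to quarantine")])
        elif (a := ACTION.match(msg)):
            result["actions"].append(a.groups())
        elif (c := COUNT.match(msg)):
            result["reported_count"] = int(c.group(1))
        elif (s := SCANNED.match(msg)):
            scanned.append((s.group(1), s.group(3)))
    result["not_cleared"] = [(name, path) for name, path in scanned
                             if name not in cleared and path not in cleared]
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Comparing the length of `not_cleared` with `reported_count` is a quick consistency check before reading the individual entries.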

#8 nasdaq

nasdaq

  • Malware Response Team

Posted 23 January 2012 - 02:46 PM

TrusteerRapport console shows I the screen shot and keylogging attempts are being blocked when logging into a trusted site when it is active. When doing this same on clean PC this does not happen.

Could this be caused by a cookies.

I do not know enough about Trusteer Rapport. You can contact support on their web page for additional information.
===

Before you contact them let me check further.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#9 ConfoundedX


Posted 23 January 2012 - 07:39 PM

Hi Nasdaq,

Yes, Trusteer Rapport just protects browsing on a compromised machine. My bank IT department will be analyzing logs tomorrow based on what they see happening on my machine when I visit their website while running the program, after I send them the 64 digit key from my installation.

Anyway I have run Combofix and attached the log for your review.

I sure appreciate your help and looking forward to any details you might have to share along with any further instruction!

-Cheers

Attached File  ComboFix.txt   22.15KB   3 downloads

#10 nasdaq


Posted 24 January 2012 - 10:21 AM

IObit Security 360 is a rogue security program known to cause system problems and that had stolen material from other computer security companies to use in their own program.
IOBit Steals Malwarebytes’ Intellectual Property
IOBit’s Denial of Theft Unconvincing
The program has also been seen to cause numerous system problems that tend to go away after uninstalling their software.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs:
IObit Security 360
Advanced SystemCare

(or any program from IObit)

T-Tools has created a free program that has been designed specifically to remove every last trace of the entries of IObit programs left behind if and when you had decided to uninstall one or more of these programs. Please download BitRemover from here:
http://www.t-tools.nl/bitremoveren.php
Save the program to your Desktop and double-click on the program to run it.

===

Open notepad and copy/paste the text in the quote box below into it:

Driver::
DIEMXLE
QFNPWBKEOJ
VQPISRIYMU
XRQIXPCMMCS
YNEZZYWKD


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#11 ConfoundedX


Posted 24 January 2012 - 05:55 PM

Hi Nasdaq and thanks for continued homework.

I do not use iobit Security 360, but I do have paid Pro version of Advanced System Care and have found it helpful over the years and always kept it updated. Recently a free version of their new Anti Malware program a few weeks ago after all this began was installed with an update. I tried it once. No problem to remove it.

I will remove both if this is bad business but neither are the issue or cause of the problems. If this PC is infected it is due to the other PC on the Network that was reformatted after some very serious hacking took place on it. Another forum has advised reformatting all PCs on the Network, and clearing and reset up my router. This was not caused by iObit on this PC.

*****Can you please tell me if you can see anything from the logs I have posted pointing to any rootkit or backdoor compromise that allows anyone in or to steal screen shots & key entries?*****

What causes an IP address to appear in my LAN PROXY settings on every reboot? (only on this Medion profile)? The proxy is not enabled, but this happened on the other PC, and it was enabled and was the reason I suspected a compromise when I found and could not permanently delete it.

See this link about that PC,

http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=58703

which resulted in Russians getting into our bank account and taking tens of thousands! (All stopped!)

I will gladly do the rest of your tasks on your reply please!

Thanks

James

#12 nasdaq


Posted 25 January 2012 - 10:09 AM

> I do not use iobit Security 360, but I do have paid Pro version of Advanced System Care and have found it helpful over the years and always kept it updated. Recently a free version of their new Anti Malware program a few weeks ago after all this began was installed with an update. I tried it once. No problem to remove it.
>
> I will remove both if this is bad business but neither are the issue or cause of the problems. If this PC is infected it is due to the other PC on the Network that was reformatted after some very serious hacking took place on it. Another forum has advised reformatting all PCs on the Network, and clearing and reset up my router. This was not caused by iObit on this PC.

It's your call if you want to keep them.

===

> *****Can you please tell me if you can see anything from the logs I have posted pointing to any rootkit or backdoor compromise that allows anyone in or to steal screen shots & key entries?*****

The only thing I know is what files were deleted by ComboFix. We might find something if the files were analysed, but it's beyond the scope of the forum.
===

> See this link about that PC,
>
> http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=58703
>
> which resulted in Russians getting into our bank account and taking tens of thousands! (All stopped!)

Was this computer cleaned? Looking at your log from Malwarebytes, I see that the infection is caused by the ZeroAccess rootkit, which may have been the cause of the fraud.
===

> What causes an IP address to appear in my LAN PROXY settings on every reboot? (only on this Medion profile)? The proxy is not enabled, but this happened on the other PC, and it was enabled and was the reason I suspected a compromise when I found and could not permanently delete it.


Your router may have been compromised.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you not know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html

#13 ConfoundedX


Posted 27 January 2012 - 02:57 PM

Hi Nasdaq,
Just checking in. Sorry I have not had to follow with last steps you provided except, I have uninstalled iObit Malware fighter freeware (?) I only allow Advance System Care Pro to connect with internet when allowed on a per session only.
I have reset my Thompson Speedtouch Router.

I do not think the Proxy address that keeps reappearing on every reboot is Router issue. It only happens on the Medion named profile. Something running in that profile seems to add it. But the Proxy is not enabled as minitools shows. Reset it and it returned after reboot.

As I mentioned same thing happened in the box you said had a Zero Access Rootkit. BTW, which entry from those old DDS logs showed you zero access was present?

More l8er

Thanks again!

#14 nasdaq


Posted 28 January 2012 - 09:18 AM

> As I mentioned same thing happened in the box you said had a Zero Access Rootkit. BTW, which entry from those old DDS logs showed you zero access was present?

I previously said that it came from your Malwarebytes' log.

Let's see if we can find some reference in your registry.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :regfind
    98.191.225.180
    98.191.225.180:3128

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



