
Cannot Run Antivirus Programs


  • This topic is locked
4 replies to this topic

#1 bucksandy34


Posted 28 January 2012 - 12:54 PM

Hello!
I am having trouble with my computer. I have Windows XP on my Dell laptop. I cannot run any antivirus programs on my computer. When I try, the dialog box pops up asking which program I want to use to run the anti-virus software. Also, whenever I try to click a search result on Google, it goes to an advertisement for Norton. I keep getting a pop-up telling me how people in my community are making thousands from home. I tried to do a system restore, but the computer won't let me. I tried operating in safe mode, but the same problems occur. Is there anything I can do?

Thanks!



#2 narenxp


Posted 30 January 2012 - 03:12 AM

Please download exeHelper to your desktop.

http://www.raktor.net/exeHelper/exeHelper.com

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Post the clean log

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 bucksandy34


Posted 01 February 2012 - 06:02 PM

The forum said my post was too long, so I will break it into multiple replies. I had some trouble getting these programs to download/run, but eventually they all worked. The exehelper did not work until after I ran the other scans, so I don't know if that makes a difference since it wasn't in the order you posted. Here are the log files:

MalwareBytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 912013108

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/1/2012 2:20:31 PM
mbam-log-2012-02-01 (14-20-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 265576
Time elapsed: 4 hour(s), 17 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Trojan.Wimpixo) -> Delete on reboot.
c:\WINDOWS\system32\NUSB3w32.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (5D) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Andrew McDonald\Local Settings\Application Data\fcb.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Trojan.Wimpixo) -> Delete on reboot.
c:\WINDOWS\system32\NUSB3w32.dll (Trojan.Dropper) -> Delete on reboot.
c:\documents and settings\andrew mcdonald\local settings\temp\oiu0.39290875858342633.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\andrew mcdonald\my documents\kFhDsy.exe (Spyware.Agent) -> Quarantined and deleted successfully.
c:\windows\temp\sv31321.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\fka0.9365358769635977.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\mos0.5184156567296982.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

TDSSKiller:

14:29:50.0750 7764 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
14:29:52.0750 7764 ============================================================
14:29:52.0750 7764 Current date / time: 2012/02/01 14:29:52.0750
14:29:52.0750 7764 SystemInfo:
14:29:52.0750 7764
14:29:52.0750 7764 OS Version: 5.1.2600 ServicePack: 3.0
14:29:52.0750 7764 Product type: Workstation
14:29:52.0750 7764 ComputerName: BOOGERSII
14:29:52.0750 7764 UserName: Andrew McDonald
14:29:52.0750 7764 Windows directory: C:\WINDOWS
14:29:52.0750 7764 System windows directory: C:\WINDOWS
14:29:52.0750 7764 Processor architecture: Intel x86
14:29:52.0750 7764 Number of processors: 2
14:29:52.0750 7764 Page size: 0x1000
14:29:52.0750 7764 Boot type: Normal boot
14:29:52.0750 7764 ============================================================
14:30:04.0109 7764 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:30:04.0140 7764 \Device\Harddisk0\DR0:
14:30:04.0156 7764 MBR used
14:30:04.0156 7764 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x855E0C1
14:30:04.0156 7764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8579808, BlocksNum 0x2B7AF96
14:30:04.0859 7764 Initialize success
14:30:04.0859 7764 ============================================================
14:30:41.0343 7260 ============================================================
14:30:41.0343 7260 Scan started
14:30:41.0343 7260 Mode: Manual; TDLFS;
14:30:41.0343 7260 ============================================================
14:30:47.0562 7260 AFD (3026669a090dbbcd8214388ee1a3b70d) C:\WINDOWS\System32\drivers\afd.sys
14:30:47.0750 7260 AFD ( Virus.Win32.ZAccess.k ) - infected
14:30:47.0750 7260 AFD - detected Virus.Win32.ZAccess.k (0)
14:33:37.0984 7260 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
14:33:38.0000 7260 tfsnpool - ok
14:33:38.0750 7260 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
14:33:38.0828 7260 tfsnudf - ok
14:33:39.0609 7260 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
14:33:39.0765 7260 tfsnudfa - ok
14:33:40.0500 7260 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:33:40.0515 7260 TosIde - ok
14:33:42.0500 7260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:33:42.0562 7260 Udfs - ok
14:33:43.0390 7260 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:33:43.0500 7260 ultra - ok
14:33:45.0203 7260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:33:45.0546 7260 Update - ok
14:33:46.0421 7260 usbbus (153722a7c13f39f2d622a6865a9f0e5f) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
14:33:46.0437 7260 usbbus - ok
14:33:47.0062 7260 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:33:47.0125 7260 usbccgp - ok
14:33:47.0828 7260 UsbDiag (76f4a87b58cf94d0fa3a8dd8a94ae27e) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
14:33:48.0031 7260 UsbDiag - ok
14:33:48.0812 7260 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:33:48.0843 7260 usbehci - ok
14:33:49.0656 7260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:33:49.0718 7260 usbhub - ok
14:33:50.0734 7260 USBModem (8d74ed44788d93133ffe4f116331fe35) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
14:33:50.0750 7260 USBModem - ok
14:33:51.0578 7260 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:33:51.0609 7260 usbprint - ok
14:33:52.0640 7260 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:33:52.0703 7260 usbscan - ok
14:33:53.0625 7260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:33:53.0640 7260 USBSTOR - ok
14:33:54.0703 7260 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:33:54.0750 7260 usbuhci - ok
14:33:55.0484 7260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:33:55.0500 7260 VgaSave - ok
14:33:56.0281 7260 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:33:56.0312 7260 viaagp - ok
14:33:56.0828 7260 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:33:56.0828 7260 ViaIde - ok
14:33:57.0531 7260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:33:57.0609 7260 VolSnap - ok
14:33:58.0109 7260 vpnva - ok
14:33:58.0562 7260 vsdatant - ok
14:34:00.0046 7260 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
14:34:01.0093 7260 w39n51 - ok
14:34:02.0000 7260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:34:02.0015 7260 Wanarp - ok
14:34:02.0609 7260 wanatw - ok
14:34:03.0781 7260 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:34:04.0109 7260 Wdf01000 - ok
14:34:04.0687 7260 WDICA - ok
14:34:05.0531 7260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:34:05.0578 7260 wdmaud - ok
14:34:07.0156 7260 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:34:07.0906 7260 winachsf - ok
14:34:08.0765 7260 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:34:08.0765 7260 WmiAcpi - ok
14:34:09.0593 7260 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:34:09.0625 7260 WpdUsb - ok
14:34:10.0328 7260 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:34:10.0359 7260 WS2IFSL - ok
14:34:10.0921 7260 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:34:10.0968 7260 WudfPf - ok
14:34:11.0640 7260 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:34:11.0718 7260 WudfRd - ok
14:34:11.0843 7260 MBR (0x1B8) (dea9e81f0228b68c9adaf84c9b0cf931) \Device\Harddisk0\DR0
14:34:12.0109 7260 \Device\Harddisk0\DR0 - ok
14:34:12.0140 7260 Boot (0x1200) (6f53fa53cd5ebc722cadb7edb69cbb1c) \Device\Harddisk0\DR0\Partition0
14:34:12.0218 7260 \Device\Harddisk0\DR0\Partition0 - ok
14:34:12.0421 7260 Boot (0x1200) (37e89b4d446982e972faed77cd387d1a) \Device\Harddisk0\DR0\Partition1
14:34:12.0437 7260 \Device\Harddisk0\DR0\Partition1 - ok
14:34:12.0437 7260 ============================================================
14:34:12.0437 7260 Scan finished
14:34:12.0437 7260 ============================================================
14:34:12.0453 5068 Detected object count: 1
14:34:12.0453 5068 Actual detected object count: 1
14:35:40.0453 5068 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
14:35:40.0984 5068 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
14:36:01.0812 5068 Backup copy found, using it..
14:36:02.0625 5068 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
14:36:49.0531 5068 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure

GMER!:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-01 16:16:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS022D
Running: gnemsxqf.exe; Driver: C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\uflirpob.sys


---- System - GMER 1.0.15 ----


---- Kernel code sections - GMER 1.0.15 ----

.text afd.sys A5001000 104 Bytes [00, A5, 6A, 00, FF, 73, 0C, ...]
.text afd.sys A5001069 6 Bytes [EB, 45, C7, 45, E4, 0D]
.text afd.sys A5001070 20 Bytes [00, C0, EB, 21, 90, 90, 90, ...]
.text afd.sys A5001085 261 Bytes [C3, 90, 90, 90, 90, 90, 8B, ...]
.text afd.sys A500118B 9 Bytes [00, 00, 80, 7F, 02, 03, 0F, ...]
.text ...
? C:\WINDOWS\System32\drivers\afd.sys suspicious PE modification
? C:\WINDOWS\TEMP\mc21.tmp The system cannot find the file specified. !
? system32\drivers\94546810.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 053A0033
.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 053A0FEF
.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 053A0044
.text C:\WINDOWS\System32\svchost.exe[920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 053A0018
.text C:\WINDOWS\System32\svchost.exe[920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 05280000
.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 050A0FEF
.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 050A0FD4
.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 050A0FC3
.text C:\WINDOWS\System32\svchost.exe[920] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 050A0FB2
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FE5
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0065004A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F5F
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00650F7C
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650F8D
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00650F13
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F24
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00650EC2
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650ED3
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650EB1
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650025
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0065005B
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FC3
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00650EEE
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FB2
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0064002F
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FCD
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640F7C
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00640F8D
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [84, 88]
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0064001E
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630FBC
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!system 77C293C7 5 Bytes JMP 0063003D
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FDE
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0063000C
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630FCD
.text C:\WINDOWS\system32\svchost.exe[964] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C80FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C80F4D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C80F5E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C80036
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C80025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C80F8D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C80095
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C80078
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C80F03
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C80F28
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C80EF2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C80014
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C80FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C8005D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C80FA8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C80FC3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C800A6
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C70022
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C7004E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C70011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C70000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C7003D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C70FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C70F9B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E7, 88] {OUT 0x88, EAX}
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C70FAC
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C60042
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C60FAD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C60FC8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C60FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C6001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C6000C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE00BA
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE009F
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE008E
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE007D
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0047
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0F79
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE00CB
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0101
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00E6
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0112
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0062
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0FA0
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0025
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F68
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0FB9
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD001B
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0F5E
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BD0F79
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DD, 88]
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0F94
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0047
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC0FB2
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC0FDE
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC0FCD
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0018
.text C:\WINDOWS\system32\svchost.exe[1296] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1296] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[1296] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 00990FEF
.text C:\WINDOWS\system32\svchost.exe[1296] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 00990025
.text C:\WINDOWS\system32\svchost.exe[1296] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 00990FD4
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0098
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0087
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0FA3
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF006C
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF00D0
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF0F88
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F52
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF00EB
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0110
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0051
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF00A9
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF0F77
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE006C
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0FD4
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0051
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FE002C
.text C:\WINDOWS\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0FC8
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0049
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD001D
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD002E
.text C:\WINDOWS\system32\svchost.exe[1320] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[1320] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[1320] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 00BA0FD4
.text C:\WINDOWS\system32\svchost.exe[1320] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 00BA0014
.text C:\WINDOWS\system32\svchost.exe[1320] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 00BA002F
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01630000
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01630F8D
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01630081
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 01630065
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01630FA8
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01630040
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01630F50
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01630F61
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 016300B2
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01630F1A
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 016300C3
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01630FB9
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01630011
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01630F72
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01630FD4
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01630FE5
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01630F35
.text C:\WINDOWS\Explorer.EXE[1640] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01530FC3
.text C:\WINDOWS\Explorer.EXE[1640] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01530065
.text C:\WINDOWS\Explorer.EXE[1640] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01530014
.text C:\WINDOWS\Explorer.EXE[1640] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01530FDE
.text C:\WINDOWS\Explorer.EXE[1640] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0153004A
.text C:\WINDOWS\Explorer.EXE[1640] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01530FEF
.text C:\WINDOWS\Explorer.EXE[1640] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01530039
.text C:\WINDOWS\Explorer.EXE[1640] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01530FA8
.text C:\WINDOWS\Explorer.EXE[1640] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[1640] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[1640] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[1640] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1640] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1640] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\Explorer.EXE[1640] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1640] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1640] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01520066
.text C:\WINDOWS\Explorer.EXE[1640] msvcrt.dll!system 77C293C7 5 Bytes JMP 01520055
.text C:\WINDOWS\Explorer.EXE[1640] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01520FE5
.text C:\WINDOWS\Explorer.EXE[1640] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01520000
.text C:\WINDOWS\Explorer.EXE[1640] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0152003A
.text C:\WINDOWS\Explorer.EXE[1640] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0152001D
.text C:\WINDOWS\Explorer.EXE[1640] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 01500FEF
.text C:\WINDOWS\Explorer.EXE[1640] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 01500FDE
.text C:\WINDOWS\Explorer.EXE[1640] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 01500014
.text C:\WINDOWS\Explorer.EXE[1640] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 01500025
.text C:\WINDOWS\Explorer.EXE[1640] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01510000
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0064
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0053
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0F6F
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0F80
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0FB6
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00AB
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0090
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F2D
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE00BC
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE00D7
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0F9B
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE007F
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FD1
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE002C
.text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F3E
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FC3
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930065
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FDE
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0093004A
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930039
.text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FB2
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920F9C
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB7
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FC8
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FEF
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920027
.text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenA 3D95D6A8 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenW 3D95DB21 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenUrlA 3D95F3BC 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[1684] WININET.dll!InternetOpenUrlW 3D9A6DFF 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[1684] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E60FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E600A4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E60089
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E60078
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E6005B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E60040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E60F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E600CB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E60F54
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E600F7
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E60F43
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E60FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E60014
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E60F94
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E60025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E60FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E600E6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E50FD1
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E50069
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E5002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E5001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E50FB6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E50000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E5004E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E5003D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E40F90
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E4001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E40FC6
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E40000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E40FAB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E40FE3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1860] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E30000
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2136] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\ctfmon.exe[2284] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[2284] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2284] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\ctfmon.exe[2284] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2284] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[2284] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\51779176 \Device\KLMD16012012_207010 94546810.sys
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat A36D5D20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) A72E1000-A72FD000 (114688 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 4692

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB56965$\243400554 0 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462 0 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\bckfg.tmp 854 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\cfg.ini 312 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\keywords 369 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\L 0 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\L\odetmngk 138496 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\oemid 19 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\U 0 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB56965$\4016255462\version 858 bytes

---- EOF - GMER 1.0.15 ----

avast!:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-01 16:22:16
-----------------------------
16:22:16.015 OS Version: Windows 5.1.2600 Service Pack 3
16:22:16.015 Number of processors: 2 586 0xE08
16:22:16.015 ComputerName: BOOGERSII UserName:
16:22:26.703 Initialize success
16:38:41.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:38:41.953 Disk 0 Vendor: TOSHIBA_MK1032GSX AS022D Size: 93958MB BusType: 3
16:38:42.000 Disk 0 MBR read successfully
16:38:42.000 Disk 0 MBR scan
16:38:42.000 Disk 0 unknown MBR code
16:38:42.031 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
16:38:42.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 68284 MB offset 96390
16:38:42.125 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 22261 MB offset 139958280
16:38:42.140 Disk 0 Partition 4 00 DB CP/M / CTOS MSWIN4.1 3349 MB offset 185550750
16:38:42.187 Disk 0 scanning sectors +192410505
16:38:42.609 Disk 0 scanning C:\WINDOWS\system32\drivers
16:39:56.593 Service scanning
16:40:04.750 Modules scanning
16:40:34.296 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
16:41:16.437 Disk 0 trace - called modules:
16:41:16.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8662cff0]<<
16:41:16.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87368ab8]
16:41:16.468 3 CLASSPNP.SYS[f760dfd7] -> nt!IofCallDriver -> [0x87101030]
16:41:16.484 \Driver\00005191[0x867f6a20] -> IRP_MJ_CREATE -> 0x8662cff0
16:41:16.484 Scan finished successfully
16:43:03.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andrew McDonald\Desktop\MBR.dat"
16:43:03.687 The log file has been saved successfully to "C:\Documents and Settings\Andrew McDonald\Desktop\aswMBR.txt"


And I see that you didn't ask for it, but since it isn't too long I thought I would post the exeHelper log just in case:

exeHelper by Raktor
Build 20100414
Run at 16:44:22 on 02/01/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Hopefully this tells you what you need to know, and thanks for your continued help!

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:46 AM

Posted 01 February 2012 - 08:26 PM

You're infected with the ZeroAccess rootkit, which requires advanced tools.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:09:46 PM

Posted 02 February 2012 - 05:29 PM

Malware topic here: http://www.bleepingcomputer.com/forums/topic441052.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



