windows update problems


7 replies to this topic

#1 oldapple


Posted 09 February 2012 - 08:40 PM

I had a problem with Windows Vista uploading when turned on. All I would get was a black screen, so I then reinstalled everything again. Then I had problems with Windows updates. I don't know if the problem was the internet connection cable or a virus.



#2 quietman7


Posted 09 February 2012 - 10:37 PM

Try using [Posted Image] as described in Microsoft Article ID 971058: How to Reset Windows Update components.

If that does not resolve the problem, please see Automatically diagnose and fix common problems with Windows Update (MicrosoftFixit-portable.exe).

#3 oldapple


Posted 21 February 2012 - 08:36 PM

Windows is updating now, thanks, but how do I check that my laptop doesn't have a virus?

#4 narenxp


Posted 21 February 2012 - 08:39 PM

Hi oldapple


Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (Do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#5 oldapple


Posted 24 February 2012 - 12:02 AM

Here are the scan results. Thanks.

04:54:52.0868 2568 uliahci - ok
04:54:52.0931 2568 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
04:54:52.0931 2568 UlSata - ok
04:54:52.0946 2568 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
04:54:52.0962 2568 ulsata2 - ok
04:54:52.0993 2568 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
04:54:52.0993 2568 umbus - ok
04:54:53.0040 2568 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
04:54:53.0040 2568 usbccgp - ok
04:54:53.0071 2568 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
04:54:53.0071 2568 usbcir - ok
04:54:53.0118 2568 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
04:54:53.0118 2568 usbehci - ok
04:54:53.0165 2568 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
04:54:53.0165 2568 usbhub - ok
04:54:53.0196 2568 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
04:54:53.0196 2568 usbohci - ok
04:54:53.0227 2568 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
04:54:53.0227 2568 usbprint - ok
04:54:53.0243 2568 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:54:53.0258 2568 USBSTOR - ok
04:54:53.0289 2568 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
04:54:53.0289 2568 usbuhci - ok
04:54:53.0321 2568 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
04:54:53.0321 2568 usbvideo - ok
04:54:53.0352 2568 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
04:54:53.0352 2568 vga - ok
04:54:53.0383 2568 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
04:54:53.0383 2568 VgaSave - ok
04:54:53.0414 2568 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
04:54:53.0414 2568 viaagp - ok
04:54:53.0445 2568 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
04:54:53.0445 2568 ViaC7 - ok
04:54:53.0492 2568 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
04:54:53.0492 2568 viaide - ok
04:54:53.0523 2568 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
04:54:53.0523 2568 volmgr - ok
04:54:53.0555 2568 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
04:54:53.0555 2568 volmgrx - ok
04:54:53.0601 2568 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
04:54:53.0601 2568 volsnap - ok
04:54:53.0633 2568 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
04:54:53.0633 2568 vsmraid - ok
04:54:53.0679 2568 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
04:54:53.0679 2568 WacomPen - ok
04:54:53.0711 2568 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:54:53.0711 2568 Wanarp - ok
04:54:53.0726 2568 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:54:53.0726 2568 Wanarpv6 - ok
04:54:53.0773 2568 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
04:54:53.0773 2568 wanatw - ok
04:54:53.0820 2568 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
04:54:53.0820 2568 Wd - ok
04:54:53.0867 2568 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
04:54:53.0867 2568 Wdf01000 - ok
04:54:53.0945 2568 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
04:54:53.0945 2568 winachsf - ok
04:54:54.0023 2568 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
04:54:54.0023 2568 WmiAcpi - ok
04:54:54.0085 2568 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
04:54:54.0085 2568 ws2ifsl - ok
04:54:54.0147 2568 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:54:54.0147 2568 WUDFRd - ok
04:54:54.0163 2568 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
04:54:54.0179 2568 XAudio - ok
04:54:54.0225 2568 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
04:54:54.0225 2568 yukonwlh - ok
04:54:54.0241 2568 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
04:54:54.0444 2568 \Device\Harddisk0\DR0 - ok
04:54:54.0444 2568 Boot (0x1200) (27b3a1dcd5416ec53725a033a1a0d981) \Device\Harddisk0\DR0\Partition0
04:54:54.0444 2568 \Device\Harddisk0\DR0\Partition0 - ok
04:54:54.0444 2568 Boot (0x1200) (912f26a53f9cd7558da2baf6146e3124) \Device\Harddisk0\DR0\Partition1
04:54:54.0459 2568 \Device\Harddisk0\DR0\Partition1 - ok
04:54:54.0459 2568 ============================================================
04:54:54.0459 2568 Scan finished
04:54:54.0459 2568 ============================================================
04:54:54.0475 4168 Detected object count: 0
04:54:54.0475 4168 Actual detected object count: 0
=======================================================================================================================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-24 04:53:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD3200BEVT-75ZCT2 rev.11.01A11
Running: 8vtkk1pq.exe; Driver: C:\Users\POKEHI~1\AppData\Local\Temp\uxtyrkoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8DAD6640]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82C44498]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82C444C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82C444AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82C44484]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82279982 5 Bytes JMP 82C44488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetEvent + 621 822FADA4 4 Bytes [40, 66, AD, 8D]
PAGE ntkrnlpa.exe!ZwTerminateProcess 8243F143 5 Bytes JMP 82C444C6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8245E89A 7 Bytes JMP 82C4449C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8245EB5D 5 Bytes JMP 82C444B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\Users\POKEHI~1\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 008D0F6F
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 008D0FCA
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 008D0FE5
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 008D0FAF
.text C:\Windows\System32\svchost.exe[1096] WS2_32.dll!socket 76D536D1 5 Bytes JMP 00E20FE5
.text C:\Windows\System32\svchost.exe[1160] ntdll.dll!NtCreateFile 77D44244 5 Bytes JMP 00890000
.text C:\Windows\System32\svchost.exe[1160] ntdll.dll!NtCreateProcess 77D44304 5 Bytes JMP 00890022
.text C:\Windows\System32\svchost.exe[1160] ntdll.dll!NtProtectVirtualMemory 77D44BA4 5 Bytes JMP 00890011
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoW 76761929 5 Bytes JMP 008800A5
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetStartupInfoA 767619C9 5 Bytes JMP 00880F55
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessW 76761BF3 5 Bytes JMP 008800C0
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessA 76761C28 5 Bytes JMP 00880F33
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualProtect 76761DC3 5 Bytes JMP 0088005B
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeA 76762EF5 5 Bytes JMP 00880FC3
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateNamedPipeW 76765C0C 5 Bytes JMP 00880FB2
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreatePipe 76788F06 5 Bytes JMP 00880080
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7678927C 5 Bytes JMP 0088004A
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryW 76789400 5 Bytes JMP 0088001E
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 76789554 5 Bytes JMP 0088002F
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7678957C 5 Bytes JMP 00880FA1
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 7678DC52 5 Bytes JMP 00880F70
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!GetProcAddress 767A925B 5 Bytes JMP 008800D1
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateFileW 767AB0EB 5 Bytes JMP 00880FD4
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateFileA 767AD07F 5 Bytes JMP 00880FEF
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!WinExec 767F60CF 5 Bytes JMP 00880F44
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_wsystem 768B7F3F 5 Bytes JMP 008C0031
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!system 768B805B 5 Bytes JMP 008C0F9C
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_creat 768BBBF1 5 Bytes JMP 008C0016
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_open 768BD116 5 Bytes JMP 008C0FE3
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_wcreat 768BD336 5 Bytes JMP 008C0FB7
.text C:\Windows\System32\svchost.exe[1160] msvcrt.dll!_wopen 768BD511 5 Bytes JMP 008C0FD2
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExA 763C39AB 5 Bytes JMP 008A0F94
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyA 763C3BA9 5 Bytes JMP 008A002C
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyA 763C89C7 5 Bytes JMP 008A0FEF
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyW 763D391E 5 Bytes JMP 008A0FA5
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 008A0051
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 008A0FCA
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 008A000A
.text C:\Windows\System32\svchost.exe[1160] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 008A001B
.text C:\Windows\System32\svchost.exe[1160] WS2_32.dll!socket 76D536D1 5 Bytes JMP 008E0000
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtCreateFile 77D44244 5 Bytes JMP 00FB0FEF
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtCreateProcess 77D44304 5 Bytes JMP 00FB001B
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!NtProtectVirtualMemory 77D44BA4 5 Bytes JMP 00FB000A
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 76761929 5 Bytes JMP 00F100B6
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 767619C9 5 Bytes JMP 00F10F70
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 76761BF3 5 Bytes JMP 00F100F3
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 76761C28 5 Bytes JMP 00F100D8
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 76761DC3 5 Bytes JMP 00F1006F
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 76762EF5 5 Bytes JMP 00F10FDE
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 76765C0C 5 Bytes JMP 00F10FCD
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreatePipe 76788F06 5 Bytes JMP 00F1009B
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7678927C 5 Bytes JMP 00F1005E
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 76789400 5 Bytes JMP 00F10043
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 76789554 5 Bytes JMP 00F10FA1
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7678957C 5 Bytes JMP 00F10FBC
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7678DC52 5 Bytes JMP 00F10080
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 767A925B 5 Bytes JMP 00F10104
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateFileW 767AB0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateFileW 767AB0EB 5 Bytes JMP 00F10FEF
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!CreateFileA 767AD07F 5 Bytes JMP 00F1000A
.text C:\Windows\system32\svchost.exe[1180] kernel32.dll!WinExec 767F60CF 5 Bytes JMP 00F100C7
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wsystem 768B7F3F 5 Bytes JMP 01290FB7
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!system 768B805B 5 Bytes JMP 01290FC8
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_creat 768BBBF1 5 Bytes JMP 0129001D
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_open 768BD116 5 Bytes JMP 01290000
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wcreat 768BD336 5 Bytes JMP 01290038
.text C:\Windows\system32\svchost.exe[1180] msvcrt.dll!_wopen 768BD511 5 Bytes JMP 01290FE3
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 763C39AB 5 Bytes JMP 0124004A
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 763C3BA9 5 Bytes JMP 0124002F
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 763C89C7 5 Bytes JMP 01240000
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 763D391E 5 Bytes JMP 01240FA8
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 01240F83
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 01240FD4
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 01240FE5
.text C:\Windows\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 01240FC3
.text C:\Windows\system32\svchost.exe[1180] WS2_32.dll!socket 76D536D1 5 Bytes JMP 012A0FE5
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateFile 77D44244 5 Bytes JMP 007A0FEF
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtCreateProcess 77D44304 5 Bytes JMP 007A0FC3
.text C:\Windows\system32\svchost.exe[1272] ntdll.dll!NtProtectVirtualMemory 77D44BA4 5 Bytes JMP 007A0FDE
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 76761929 5 Bytes JMP 00180093
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 767619C9 5 Bytes JMP 00180078
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 76761BF3 5 Bytes JMP 001800B8
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 76761C28 5 Bytes JMP 00180F21
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 76761DC3 5 Bytes JMP 0018005D
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 76762EF5 5 Bytes JMP 00180FCA
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 76765C0C 5 Bytes JMP 0018001B
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreatePipe 76788F06 5 Bytes JMP 00180F4D
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7678927C 5 Bytes JMP 00180F83
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 76789400 5 Bytes JMP 00180FAF
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 76789554 5 Bytes JMP 00180F94
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7678957C 5 Bytes JMP 0018002C
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7678DC52 5 Bytes JMP 00180F5E
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 767A925B 5 Bytes JMP 001800DD
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileW 767AB0EB 5 Bytes JMP 00180FE5
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateFileA 767AD07F 5 Bytes JMP 00180000
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!WinExec 767F60CF 5 Bytes JMP 00180F32
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wsystem 768B7F3F 5 Bytes JMP 007C0056
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!system 768B805B 5 Bytes JMP 007C0FC1
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_creat 768BBBF1 5 Bytes JMP 007C0027
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_open 768BD116 5 Bytes JMP 007C0000
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wcreat 768BD336 5 Bytes JMP 007C0FD2
.text C:\Windows\system32\svchost.exe[1272] msvcrt.dll!_wopen 768BD511 5 Bytes JMP 007C0FE3
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 763C39AB 5 Bytes JMP 007B0F7C
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 763C3BA9 5 Bytes JMP 007B0FA8
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 763C89C7 5 Bytes JMP 007B0FEF
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 763D391E 5 Bytes JMP 007B0F97
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 007B0039
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 007B0FCA
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 007B0000
.text C:\Windows\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 007B0FB9
.text C:\Windows\system32\svchost.exe[1272] WS2_32.dll!socket 76D536D1 5 Bytes JMP 007E0FE5
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtCreateFile 77D44244 5 Bytes JMP 008B000A
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtCreateProcess 77D44304 5 Bytes JMP 008B0025
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!NtProtectVirtualMemory 77D44BA4 5 Bytes JMP 008B0FE5
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 76761929 5 Bytes JMP 008A0093
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 767619C9 5 Bytes JMP 008A0082
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 76761BF3 5 Bytes JMP 008A0F28
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 76761C28 5 Bytes JMP 008A00BF
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 76761DC3 5 Bytes JMP 008A0F83
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 76762EF5 5 Bytes JMP 008A0025
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 76765C0C 5 Bytes JMP 008A0FD4
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreatePipe 76788F06 5 Bytes JMP 008A0F57
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7678927C 5 Bytes JMP 008A0F9E
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW 76789400 5 Bytes JMP 008A0040
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 76789554 5 Bytes JMP 008A005B
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7678957C 5 Bytes JMP 008A0FC3
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7678DC52 5 Bytes JMP 008A0F68
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetProcAddress 767A925B 5 Bytes JMP 008A00D0
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateFileW 767AB0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateFileW 767AB0EB 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!CreateFileA 767AD07F 5 Bytes JMP 008A0000
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!WinExec 767F60CF 5 Bytes JMP 008A00AE
.text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_wsystem 768B7F3F 5 Bytes JMP 008E0058
.text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!system 768B805B 5 Bytes JMP 008E0047
.text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_creat 768BBBF1 5 Bytes JMP 008E0011
.text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_open 768BD116 5 Bytes JMP 008E0FE3
.text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_wcreat 768BD336 5 Bytes JMP 008E002C
.text C:\Windows\system32\svchost.exe[1336] msvcrt.dll!_wopen 768BD511 5 Bytes JMP 008E0000
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 763C39AB 5 Bytes JMP 008D004E
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 763C3BA9 5 Bytes JMP 008D0FB6
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 763C89C7 5 Bytes JMP 008D0000
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 763D391E 5 Bytes JMP 008D003D
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 008D0069
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 008D0FDB
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 008D0011
.text C:\Windows\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 008D002C
.text C:\Windows\system32\svchost.exe[1336] WS2_32.dll!socket 76D536D1 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[1336] WININET.dll!InternetOpenA 76D9D688 5 Bytes JMP 00900FEF
.text C:\Windows\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 76DAE296 5 Bytes JMP 00900FD4
.text C:\Windows\system32\svchost.exe[1336] WININET.dll!InternetOpenW 76DB72A6 5 Bytes JMP 0090000A
.text C:\Windows\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 76E0D9BA 5 Bytes JMP 00900025
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateFile 77D44244 5 Bytes JMP 009B0FEF
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess 77D44304 5 Bytes JMP 009B0025
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtProtectVirtualMemory 77D44BA4 5 Bytes JMP 009B000A
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoW 76761929 5 Bytes JMP 00920F32
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 767619C9 5 Bytes JMP 00920F4D
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 76761BF3 5 Bytes JMP 00920F21
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 76761C28 5 Bytes JMP 009200AE
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 76761DC3 5 Bytes JMP 00920078
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeA 76762EF5 5 Bytes JMP 0092001B
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeW 76765C0C 5 Bytes JMP 00920036
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreatePipe 76788F06 5 Bytes JMP 00920F68
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 7678927C 5 Bytes JMP 00920F9E
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 76789400 5 Bytes JMP 00920FB9
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 76789554 5 Bytes JMP 0092005B
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 7678957C 5 Bytes JMP 00920FCA
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!VirtualProtectEx 7678DC52 5 Bytes JMP 00920F79
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 767A925B 5 Bytes JMP 009200D3
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileW 767AB0EB 5 Bytes JMP 0092000A
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!CreateFileA 767AD07F 5 Bytes JMP 00920FEF
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!WinExec 767F60CF 5 Bytes JMP 0092009D
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wsystem 768B7F3F 5 Bytes JMP 00A50F9C
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!system 768B805B 5 Bytes JMP 00A50FAD
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_creat 768BBBF1 5 Bytes JMP 00A50027
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_open 768BD116 5 Bytes JMP 00A50FE3
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wcreat 768BD336 5 Bytes JMP 00A50FD2
.text C:\Windows\system32\svchost.exe[1476] msvcrt.dll!_wopen 768BD511 5 Bytes JMP 00A5000C
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA 763C39AB 5 Bytes JMP 009C0F8D
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyA 763C3BA9 5 Bytes JMP 009C0FC3
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyA 763C89C7 5 Bytes JMP 009C000A
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyW 763D391E 5 Bytes JMP 009C0FA8
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 009C0F72
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 009C0025
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 009C0FEF
.text C:\Windows\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 009C0FD4
.text C:\Windows\system32\svchost.exe[1476] WS2_32.dll!socket 76D536D1 5 Bytes JMP 00A6000A
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtCreateFile 77D44244 5 Bytes JMP 00A00FEF
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtCreateProcess 77D44304 5 Bytes JMP 00A0000A
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtProtectVirtualMemory 77D44BA4 5 Bytes JMP 00A00FD4
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoW 76761929 5 Bytes JMP 009F0F43
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!GetStartupInfoA 767619C9 5 Bytes JMP 009F0093
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateProcessW 76761BF3 5 Bytes JMP 009F00C9
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateProcessA 76761C28 5 Bytes JMP 009F0F32
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!VirtualProtect 76761DC3 5 Bytes JMP 009F0F7C
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeA 76762EF5 5 Bytes JMP 009F0FD4
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateNamedPipeW 76765C0C 5 Bytes JMP 009F0FC3
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreatePipe 76788F06 5 Bytes JMP 009F0078
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExW 7678927C 5 Bytes JMP 009F004A
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!LoadLibraryW 76789400 5 Bytes JMP 009F0039
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!LoadLibraryExA 76789554 5 Bytes JMP 009F0F97
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!LoadLibraryA 7678957C 5 Bytes JMP 009F0FA8
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!VirtualProtectEx 7678DC52 5 Bytes JMP 009F0067
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!GetProcAddress 767A925B 5 Bytes JMP 009F0F17
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateFileW 767AB0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateFileW 767AB0EB 5 Bytes JMP 009F0FEF
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!CreateFileA 767AD07F 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!WinExec 767F60CF 5 Bytes JMP 009F00A4
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_wsystem 768B7F3F 5 Bytes JMP 00A8001D
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!system 768B805B 5 Bytes JMP 00A80F9C
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_creat 768BBBF1 5 Bytes JMP 00A80FB7
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_open 768BD116 5 Bytes JMP 00A80FE3
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_wcreat 768BD336 5 Bytes JMP 00A8000C
.text C:\Windows\system32\svchost.exe[1676] msvcrt.dll!_wopen 768BD511 5 Bytes JMP 00A80FD2
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExA 763C39AB 5 Bytes JMP 00A10F8D
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyA 763C3BA9 5 Bytes JMP 00A10FB9
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyA 763C89C7 5 Bytes JMP 00A10FE5
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyW 763D391E 5 Bytes JMP 00A10FA8
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 00A1004A
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 00A1001B
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 00A10000
.text C:\Windows\system32\svchost.exe[1676] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 00A10FCA
.text C:\Windows\system32\svchost.exe[1676] WS2_32.dll!socket 76D536D1 5 Bytes JMP 00E20FEF
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateFile 77D44244 5 Bytes JMP 00620FE5
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtCreateProcess 77D44304 5 Bytes JMP 00620000
.text C:\Windows\system32\svchost.exe[1972] ntdll.dll!NtProtectVirtualMemory 77D44BA4 5 Bytes JMP 00620FD4
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoW 76761929 5 Bytes JMP 00170F4B
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetStartupInfoA 767619C9 5 Bytes JMP 00170F5C
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 76761BF3 5 Bytes JMP 001700C7
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 76761C28 5 Bytes JMP 00170F30
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 76761DC3 5 Bytes JMP 00170F99
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeA 76762EF5 5 Bytes JMP 0017001B
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateNamedPipeW 76765C0C 5 Bytes JMP 00170036
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreatePipe 76788F06 5 Bytes JMP 00170F77
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 7678927C 5 Bytes JMP 0017007D
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 76789400 5 Bytes JMP 0017005B
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 76789554 5 Bytes JMP 0017006C
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 7678957C 5 Bytes JMP 00170FCA
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!VirtualProtectEx 7678DC52 5 Bytes JMP 00170F88
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 767A925B 5 Bytes JMP 001700E2
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileW 767AB0EB 5 Bytes JMP 00170FDB
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!CreateFileA 767AD07F 5 Bytes JMP 00170000
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!WinExec 767F60CF 5 Bytes JMP 001700AC
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wsystem 768B7F3F 5 Bytes JMP 00880047
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!system 768B805B 5 Bytes JMP 00880036
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_creat 768BBBF1 5 Bytes JMP 0088001B
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_open 768BD116 5 Bytes JMP 00880FEF
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wcreat 768BD336 5 Bytes JMP 00880FC6
.text C:\Windows\system32\svchost.exe[1972] msvcrt.dll!_wopen 768BD511 5 Bytes JMP 00880000
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExA 763C39AB 5 Bytes JMP 00870F94
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyA 763C3BA9 5 Bytes JMP 00870025
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyA 763C89C7 5 Bytes JMP 00870000
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyW 763D391E 5 Bytes JMP 00870036
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 00870F79
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 00870FD4
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 00870FE5
.text C:\Windows\system32\svchost.exe[1972] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 00870FC3
.text C:\Windows\system32\svchost.exe[1972] WS2_32.dll!socket 76D536D1 5 Bytes JMP 00890000
.text C:\Windows\System32\svchost.exe[2332] ntdll.dll!NtCreateFile 77D44244 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[2332] ntdll.dll!NtCreateProcess 77D44304 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[2332] ntdll.dll!NtProtectVirtualMemory 77D44BA4 5 Bytes JMP 00060FCA
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!GetStartupInfoW 76761929 5 Bytes JMP 0005007D
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!GetStartupInfoA 767619C9 5 Bytes JMP 00050F41
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!CreateProcessW 76761BF3 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!CreateProcessW 76761BF3 5 Bytes JMP 00050EF7
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!CreateProcessA 76761C28 5 Bytes JMP 00050F12
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!VirtualProtect 76761DC3 5 Bytes JMP 00050051
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!CreateNamedPipeA 76762EF5 5 Bytes JMP 00050FD4
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!CreateNamedPipeW 76765C0C 5 Bytes JMP 0005002F
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!CreatePipe 76788F06 5 Bytes JMP 00050F52
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!LoadLibraryExW 7678927C 5 Bytes JMP 00050040
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!LoadLibraryW 76789400 5 Bytes JMP 00050FA8
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!LoadLibraryExA 76789554 5 Bytes JMP 00050F83
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!LoadLibraryA 7678957C 5 Bytes JMP 00050FC3
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!VirtualProtectEx 7678DC52 5 Bytes JMP 00050062
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!GetProcAddress 767A925B 5 Bytes JMP 00050EDC
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!CreateFileW 767AB0EB 5 Bytes JMP 00050014
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!CreateFileA 767AD07F 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2332] kernel32.dll!WinExec 767F60CF 5 Bytes JMP 0005008E
.text C:\Windows\System32\svchost.exe[2332] msvcrt.dll!_wsystem 768B7F3F 5 Bytes JMP 00080047
.text C:\Windows\System32\svchost.exe[2332] msvcrt.dll!system 768B805B 5 Bytes JMP 00080FBC
.text C:\Windows\System32\svchost.exe[2332] msvcrt.dll!_creat 768BBBF1 5 Bytes JMP 00080FDE
.text C:\Windows\System32\svchost.exe[2332] msvcrt.dll!_open 768BD116 5 Bytes JMP 00080FEF
.text C:\Windows\System32\svchost.exe[2332] msvcrt.dll!_wcreat 768BD336 5 Bytes JMP 00080FCD
.text C:\Windows\System32\svchost.exe[2332] msvcrt.dll!_wopen 768BD511 5 Bytes JMP 0008000C
.text C:\Windows\System32\svchost.exe[2332] ADVAPI32.dll!RegCreateKeyExA 763C39AB 5 Bytes JMP 00070F94
.text C:\Windows\System32\svchost.exe[2332] ADVAPI32.dll!RegCreateKeyA 763C3BA9 5 Bytes JMP 00070FC0
.text C:\Windows\System32\svchost.exe[2332] ADVAPI32.dll!RegOpenKeyA 763C89C7 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[2332] ADVAPI32.dll!RegCreateKeyW 763D391E 5 Bytes JMP 00070FAF
.text C:\Windows\System32\svchost.exe[2332] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 00070047
.text C:\Windows\System32\svchost.exe[2332] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 00070025
.text C:\Windows\System32\svchost.exe[2332] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 0007000A
.text C:\Windows\System32\svchost.exe[2332] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 00070036
.text C:\Program Files\Mozilla Firefox\firefox.exe[4676] ntdll.dll!LdrLoadDll 77D09378 5 Bytes JMP 5C335B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\svchost.exe[5844] ntdll.dll!NtCreateFile 77D44244 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[5844] ntdll.dll!NtCreateProcess 77D44304 5 Bytes JMP 00040FD4
.text C:\Windows\system32\svchost.exe[5844] ntdll.dll!NtProtectVirtualMemory 77D44BA4 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!GetStartupInfoW 76761929 5 Bytes JMP 00010F44
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!GetStartupInfoA 767619C9 5 Bytes JMP 00010080
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!CreateProcessW 76761BF3 5 Bytes JMP 00010F29
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!CreateProcessA 76761C28 5 Bytes JMP 000100CA
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!VirtualProtect 76761DC3 5 Bytes JMP 00010054
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!CreateNamedPipeA 76762EF5 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!CreateNamedPipeW 76765C0C 5 Bytes JMP 00010FD4
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!CreatePipe 76788F06 5 Bytes JMP 00010F55
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!LoadLibraryExW 7678927C 5 Bytes JMP 00010F86
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!LoadLibraryW 76789400 5 Bytes JMP 00010FA8
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!LoadLibraryExA 76789554 5 Bytes JMP 00010F97
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!LoadLibraryA 7678957C 5 Bytes JMP 00010FC3
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!VirtualProtectEx 7678DC52 5 Bytes JMP 00010065
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!GetProcAddress 767A925B 5 Bytes JMP 00010F18
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!CreateFileW 767AB0EB 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!CreateFileA 767AD07F 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[5844] kernel32.dll!WinExec 767F60CF 5 Bytes JMP 000100A5
.text C:\Windows\system32\svchost.exe[5844] msvcrt.dll!_wsystem 768B7F3F 5 Bytes JMP 000A0073
.text C:\Windows\system32\svchost.exe[5844] msvcrt.dll!system 768B805B 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\svchost.exe[5844] msvcrt.dll!_creat 768BBBF1 5 Bytes JMP 000A0029
.text C:\Windows\system32\svchost.exe[5844] msvcrt.dll!_open 768BD116 5 Bytes JMP 000A0000
.text C:\Windows\system32\svchost.exe[5844] msvcrt.dll!_wcreat 768BD336 5 Bytes JMP 000A004E
.text C:\Windows\system32\svchost.exe[5844] msvcrt.dll!_wopen 768BD511 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\svchost.exe[5844] ADVAPI32.dll!RegCreateKeyExA 763C39AB 5 Bytes JMP 000B0F94
.text C:\Windows\system32\svchost.exe[5844] ADVAPI32.dll!RegCreateKeyA 763C3BA9 5 Bytes JMP 000B0FB9
.text C:\Windows\system32\svchost.exe[5844] ADVAPI32.dll!RegOpenKeyA 763C89C7 5 Bytes JMP 000B0FEF
.text C:\Windows\system32\svchost.exe[5844] ADVAPI32.dll!RegCreateKeyW 763D391E 5 Bytes JMP 000B0040
.text C:\Windows\system32\svchost.exe[5844] ADVAPI32.dll!RegCreateKeyExW 763D41F1 5 Bytes JMP 000B0051
.text C:\Windows\system32\svchost.exe[5844] ADVAPI32.dll!RegOpenKeyExA 763D7C42 5 Bytes JMP 000B0FDE
.text C:\Windows\system32\svchost.exe[5844] ADVAPI32.dll!RegOpenKeyW 763DE2B5 5 Bytes JMP 000B000A
.text C:\Windows\system32\svchost.exe[5844] ADVAPI32.dll!RegOpenKeyExW 763E7BA1 5 Bytes JMP 000B002F
.text C:\Windows\system32\svchost.exe[5844] WS2_32.dll!socket 76D536D1 5 Bytes JMP 000C0FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\mfevtps.exe[1188] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0096A4B0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\mfevtps.exe[1188] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0096A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\aol\1327608911\ee\aolsoftware.exe[3880] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


==================================================================================================

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-24 03:44:22
-----------------------------
03:44:22.380 OS Version: Windows 6.0.6002 Service Pack 2
03:44:22.380 Number of processors: 2 586 0xF0D
03:44:22.380 ComputerName: HEISENBERG UserName: Poke High
03:44:23.862 Initialize success
03:44:37.390 AVAST engine defs: 12022301
03:44:39.932 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
03:44:39.979 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 3
03:44:40.010 Disk 0 MBR read successfully
03:44:40.010 Disk 0 MBR scan
03:44:40.026 Disk 0 Windows VISTA default MBR code
03:44:40.057 Disk 0 Partition 1 00 DE Dell Utility Dell 8.1 47 MB offset 63
03:44:40.073 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71680 MB offset 96390
03:44:40.088 Disk 0 Partition - 00 0F Extended LBA 233515 MB offset 146898360
03:44:40.151 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 231459 MB offset 146898423
03:44:40.151 Disk 0 Partition - 00 05 Extended 2055 MB offset 620928315
03:44:40.213 Disk 0 Partition 4 00 DD MSDOS5.0 2055 MB offset 620928378
03:44:40.244 Disk 0 scanning sectors +625137345
03:44:40.416 Disk 0 scanning C:\Windows\system32\drivers
03:45:09.822 Service scanning
03:45:35.110 Modules scanning
03:45:55.765 Disk 0 trace - called modules:
03:45:55.905 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys
03:45:55.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853fdac8]
03:45:55.921 3 CLASSPNP.SYS[8819d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84872400]
03:46:00.289 AVAST engine scan C:\Windows
03:46:06.264 AVAST engine scan C:\Windows\system32
03:52:08.958 AVAST engine scan C:\Windows\system32\drivers
03:52:30.127 AVAST engine scan C:\Users\Poke High
03:53:43.572 Disk 0 MBR has been saved successfully to "D:\Documents\MBR.dat"
03:53:43.603 The log file has been saved successfully to "D:\Documents\aswMBR1.txt"

#6 narenxp

Posted 24 February 2012 - 06:31 AM

That looks good

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop, then copy the contents of the text file into your reply.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 oldapple

Posted 26 February 2012 - 01:08 AM

Thanks for the help. The ESET scan showed there were no threats. Here are the results of the other scans.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Poke High (administrator) on 26-02-2012 at 02:22:10
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

There are 15164 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Heisenberg
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

PPP adapter Broadband Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadband Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 92.13.121.143(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 92.31.242.20
92.31.241.21
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-1D-09-3B-61-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7d09:afb0:5af4:2da3%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 26 February 2012 02:03:12
Lease Expires . . . . . . . . . . : 27 February 2012 02:03:11
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 167779593
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-B0-C7-6F-00-1D-09-3B-61-AC
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3083:16b:a3f2:8670(Preferred)
Link-local IPv6 Address . . . . . : fe80::3083:16b:a3f2:8670%12(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:5c0d:798f::5c0d:798f(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 92.31.242.20
92.31.241.21
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-1.loh.as43234.net
Address: 92.31.242.20

Name: google.com
Addresses: 173.194.41.133
173.194.41.134
173.194.41.135
173.194.41.136
173.194.41.137
173.194.41.142
173.194.41.128
173.194.41.129
173.194.41.130
173.194.41.131
173.194.41.132



Pinging google.com [173.194.41.174] with 32 bytes of data:

Reply from 173.194.41.174: bytes=32 time=113ms TTL=56

Reply from 173.194.41.174: bytes=32 time=45ms TTL=56



Ping statistics for 173.194.41.174:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 113ms, Average = 79ms

Server: dns-1.loh.as43234.net
Address: 92.31.242.20

Name: yahoo.com
Addresses: 209.191.122.70
98.139.127.62
98.139.183.24



Pinging yahoo.com [98.139.127.62] with 32 bytes of data:

Reply from 98.139.127.62: bytes=32 time=266ms TTL=48

Reply from 98.139.127.62: bytes=32 time=217ms TTL=48



Ping statistics for 98.139.127.62:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 217ms, Maximum = 266ms, Average = 241ms

Server: dns-1.loh.as43234.net
Address: 92.31.242.20

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
15 ........................... Broadband Connection
8 ...00 1d 09 3b 61 ac ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.home
25 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
29 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 4245
0.0.0.0 0.0.0.0 On-link 92.13.121.143 21
92.13.121.143 255.255.255.255 On-link 92.13.121.143 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
192.168.0.0 255.255.255.0 On-link 192.168.0.2 4501
192.168.0.2 255.255.255.255 On-link 192.168.0.2 4501
192.168.0.255 255.255.255.255 On-link 192.168.0.2 4501
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 192.168.0.2 4502
224.0.0.0 240.0.0.0 On-link 92.13.121.143 21
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 192.168.0.2 4501
255.255.255.255 255.255.255.255 On-link 92.13.121.143 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
29 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
12 18 2001::/32 On-link
12 266 2001:0:5ef5:79fd:3083:16b:a3f2:8670/128
On-link
29 1025 2002::/16 On-link
29 281 2002:5c0d:798f::5c0d:798f/128
On-link
8 276 fe80::/64 On-link
12 266 fe80::/64 On-link
12 266 fe80::3083:16b:a3f2:8670/128
On-link
8 276 fe80::7d09:afb0:5af4:2da3/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/26/2012 02:16:31 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/26/2012 02:16:31 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/26/2012 02:12:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2c43861b-5f5d-4f55-ae4b-69a98326f712}

Error: (02/26/2012 02:11:57 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/26/2012 02:11:57 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/26/2012 01:49:07 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {75438d71-0e74-4ea3-9368-09ac7a34514e}

Error: (02/25/2012 02:06:20 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2940 (0xb7c)

Thread address : 0x77735CD4

Thread message :

Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume5\vid\Pazera_Free_FLV_to_AVI_Converter\flvtoavi.exe
by C:\Windows\system32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (02/24/2012 03:46:50 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\POKE HIGH\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\AE2QVD2O.DEFAULT\CACHE\3> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/24/2012 03:46:50 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\POKE HIGH\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\AE2QVD2O.DEFAULT\CACHE\3> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/24/2012 03:46:50 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\POKE HIGH\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\AE2QVD2O.DEFAULT\CACHE\2> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (02/26/2012 02:03:35 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/26/2012 01:41:45 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/25/2012 04:33:34 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/25/2012 03:11:30 AM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (02/25/2012 03:11:29 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (02/25/2012 02:07:21 AM) (Source: Service Control Manager) (User: )
Description: McAfee McShield150001Restart the service

Error: (02/25/2012 01:53:56 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/24/2012 05:43:59 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/24/2012 06:18:28 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (02/24/2012 06:18:26 AM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}


Microsoft Office Sessions:
=========================
Error: (02/26/2012 02:16:31 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK

Error: (02/26/2012 02:16:31 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK

Error: (02/26/2012 02:12:43 AM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2c43861b-5f5d-4f55-ae4b-69a98326f712}

Error: (02/26/2012 02:11:57 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK

Error: (02/26/2012 02:11:57 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE INTERNET SECURITY.LNK

Error: (02/26/2012 01:49:07 AM) (Source: VSS)(User: )
Description: 0x80070005

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {75438d71-0e74-4ea3-9368-09ac7a34514e}

Error: (02/25/2012 02:06:20 AM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900002940 (0xb7c)0x77735CD4
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume5\vid\Pazera_Free_FLV_to_AVI_Converter\flvtoavi.exe
by C:\Windows\system32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (02/24/2012 03:46:50 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\POKE HIGH\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\AE2QVD2O.DEFAULT\CACHE\3

Error: (02/24/2012 03:46:50 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\POKE HIGH\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\AE2QVD2O.DEFAULT\CACHE\3

Error: (02/24/2012 03:46:50 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\POKE HIGH\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\AE2QVD2O.DEFAULT\CACHE\2


=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.11)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Advanced Audio FX Engine
Advanced Video FX Engine
Amazon Kindle
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.14.1.0)
Audacity 1.3.14 (Unicode)
Auslogics Disk Defrag (Version: version 3.3)
Auslogics Toolbar Updater (Version: 1.2.0.20007)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Conexant HDA D330 MDC V.92 Modem
Dell Resource CD (Version: 1.00.0000)
Dell Webcam Center
Dell Webcam Manager
eMusic Download Manager (Version: 5.0.5)
ESET Online Scanner v3
EZ Vinyl/Tape Converter 4.1 by MixMeister
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.5.3.3)
Laptop Integrated Webcam Driver (1.04.01.1011)
Last.fm 1.5.4.27091
Live! Cam Avatar Creator (Version: 4.6.0817.1)
Live! Cam Avatar v1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Marvell Miniport Driver (Version: 10.22.6.3)
McAfee Internet Security (Version: 11.0.654)
MediaDirect (Version: 3.5)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 10.0.2 (x86 en-GB) (Version: 10.0.2)
OutlookAddinSetup (Version: 1.0.0)
Paint.NET v3.36 (Version: 3.36.0)
PRS-500 USB driver (Version: 1.0.00.08110)
QuickTime (Version: 7.71.80.42)
Reader Library by Sony (Version: 3.3.00.07130)
RICOH Media Driver ver.2.07.01.04 (Version: 2.07.01.04)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
RTC Client API v1.2 (Version: 1.2.0000)
Secunia PSI (2.0.0.3003)
SigmaTel Audio (Version: 5.10.5207.0)
Sonic Activation Module (Version: 1.0)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.5 (Version: 4.5.0)
SpywareGuard v2.2 (Version: 2.2)
SUPERAntiSpyware (Version: 5.0.1142)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Viewpoint Media Player
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080) (Version: 08/08/2006 1.0.03.08080)
WinPatrol (Version: 24.0.2012)

========================= Memory info: ===================================

Percentage of memory in use: 71%
Total physical RAM: 2037.31 MB
Available physical RAM: 582.97 MB
Total Pagefile: 4313.88 MB
Available Pagefile: 2135.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:70 GB) (Free:29.87 GB) NTFS
2 Drive d: (My Stuff) (Fixed) (Total:226.04 GB) (Free:180.62 GB) NTFS

========================= Users: ========================================

User accounts for \\HEISENBERG

Administrator Guest Poke High


**** End of log ****


==============================================================================================================================


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Poke High :: HEISENBERG [administrator]

26/02/2012 04:02:03
mbam-log-2012-02-26 (04-02-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289080
Time elapsed: 1 hour(s), 43 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:09:47 PM

Posted 26 February 2012 - 09:35 PM

Uninstall Viewpoint Media Player

Download Hosts fix

Run the fixit

Download TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-IN/windows-vista/Turn-System-Restore-on-or-off

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



