iExplore.exe Recyler virus


9 replies to this topic

#1 lefty16

lefty16

  • Members
  • 6 posts
  • Local time:09:43 PM

Posted 05 April 2012 - 06:55 AM

I picked up the iExplore.exe virus that my Avast program keeps popping up with alerts and blocks. I've tried boot scan with Avast and can't get it removed and running Malwarebytes also does not remove it. All computer functions are running extremely slow, including internet webpage loading. Is there a program that can easily kill this or please help with steps to remove this. I have Windows XP. Thanks



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:10:43 PM

Posted 05 April 2012 - 08:45 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 lefty16

lefty16
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:43 PM

Posted 06 April 2012 - 07:46 AM

Thanks for the reply. I tried your first step of downloading TDSSKiller.exe, which it did onto my desktop. However I've been repeatedly trying to open or start it and nothing happens. It won't even do so in safe mode. All other programs will open OK.

#4 lefty16

lefty16
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:43 PM

Posted 06 April 2012 - 08:29 AM

By the way, my Avast says that I have a bad rootkit name ParMBR:Alureor

I understand this might be why certain programs won't open.

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:10:43 PM

Posted 06 April 2012 - 09:29 AM

Download

FIXTDSS

Launch it. It may ask for restart, reboot the PC

On reboot, allow it to run and click on REPAIR

Now run the tools as instructed before

good luck

#6 lefty16

lefty16
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:43 PM

Posted 08 April 2012 - 12:45 AM

The log from TDSSKill scan

04:26:21.0734 2796 redbook - ok
04:26:22.0015 2796 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
04:26:22.0031 2796 RemoteAccess - ok
04:26:22.0359 2796 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
04:26:22.0437 2796 RpcLocator - ok
04:26:22.0796 2796 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
04:26:22.0921 2796 RpcSs - ok
04:26:23.0234 2796 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
04:26:23.0281 2796 RSVP - ok
04:26:23.0593 2796 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:26:23.0609 2796 SamSs - ok
04:26:24.0296 2796 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
04:26:24.0312 2796 SASDIFSV - ok
04:26:24.0703 2796 SASENUM (7f1085895e499907f68df7731924122b) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
04:26:24.0718 2796 SASENUM - ok
04:26:25.0203 2796 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
04:26:25.0328 2796 SASKUTIL - ok
04:26:26.0109 2796 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
04:26:26.0171 2796 SCardSvr - ok
04:26:26.0546 2796 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
04:26:26.0640 2796 Schedule - ok
04:26:27.0015 2796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:26:27.0078 2796 Secdrv - ok
04:26:27.0328 2796 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
04:26:27.0343 2796 seclogon - ok
04:26:27.0781 2796 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
04:26:27.0796 2796 SENS - ok
04:26:28.0296 2796 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
04:26:28.0312 2796 serenum - ok
04:26:28.0609 2796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
04:26:28.0625 2796 Serial - ok
04:26:29.0093 2796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:26:29.0109 2796 Sfloppy - ok
04:26:29.0500 2796 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
04:26:29.0906 2796 SharedAccess - ok
04:26:30.0546 2796 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
04:26:30.0593 2796 ShellHWDetection - ok
04:26:30.0953 2796 Simbad - ok
04:26:31.0265 2796 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
04:26:31.0281 2796 sisagp - ok
04:26:31.0812 2796 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
04:26:31.0968 2796 smwdm - ok
04:26:32.0375 2796 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
04:26:32.0406 2796 Sparrow - ok
04:26:32.0796 2796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:26:32.0812 2796 splitter - ok
04:26:33.0250 2796 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
04:26:33.0265 2796 Spooler - ok
04:26:33.0531 2796 sprtsvc_dellsupportcenter - ok
04:26:34.0046 2796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
04:26:34.0062 2796 sr - ok
04:26:34.0375 2796 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
04:26:34.0453 2796 srservice - ok
04:26:34.0812 2796 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
04:26:34.0906 2796 Srv - ok
04:26:35.0250 2796 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
04:26:35.0265 2796 sscdbhk5 - ok
04:26:36.0015 2796 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
04:26:36.0093 2796 SSDPSRV - ok
04:26:36.0593 2796 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
04:26:36.0609 2796 ssrtln - ok
04:26:37.0046 2796 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
04:26:37.0046 2796 StillCam - ok
04:26:37.0531 2796 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
04:26:37.0703 2796 stisvc - ok
04:26:38.0109 2796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:26:38.0125 2796 swenum - ok
04:26:38.0468 2796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:26:38.0484 2796 swmidi - ok
04:26:38.0703 2796 SwPrv - ok
04:26:39.0171 2796 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
04:26:39.0203 2796 symc810 - ok
04:26:39.0484 2796 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
04:26:39.0500 2796 symc8xx - ok
04:26:39.0812 2796 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
04:26:39.0828 2796 sym_hi - ok
04:26:40.0218 2796 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
04:26:40.0218 2796 sym_u3 - ok
04:26:40.0718 2796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:26:40.0734 2796 sysaudio - ok
04:26:41.0031 2796 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
04:26:41.0046 2796 SysmonLog - ok
04:26:41.0625 2796 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
04:26:41.0765 2796 TapiSrv - ok
04:26:42.0703 2796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:26:42.0875 2796 Tcpip - ok
04:26:43.0406 2796 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:26:43.0421 2796 TDPIPE - ok
04:26:43.0859 2796 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:26:43.0937 2796 TDTCP - ok
04:26:44.0406 2796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:26:44.0437 2796 TermDD - ok
04:26:44.0859 2796 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
04:26:44.0968 2796 TermService - ok
04:26:45.0437 2796 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
04:26:45.0468 2796 tfsnboio - ok
04:26:45.0937 2796 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
04:26:45.0937 2796 tfsncofs - ok
04:26:46.0406 2796 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
04:26:46.0453 2796 tfsndrct - ok
04:26:46.0859 2796 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
04:26:46.0875 2796 tfsndres - ok
04:26:47.0187 2796 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
04:26:47.0296 2796 tfsnifs - ok
04:26:48.0296 2796 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
04:26:48.0312 2796 tfsnopio - ok
04:26:48.0671 2796 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
04:26:48.0687 2796 tfsnpool - ok
04:26:49.0000 2796 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
04:26:49.0046 2796 tfsnudf - ok
04:26:49.0390 2796 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
04:26:49.0453 2796 tfsnudfa - ok
04:26:49.0750 2796 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
04:26:49.0765 2796 Themes - ok
04:26:50.0046 2796 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
04:26:50.0062 2796 TosIde - ok
04:26:50.0187 2796 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
04:26:50.0234 2796 TrkWks - ok
04:26:50.0421 2796 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:26:50.0453 2796 Udfs - ok
04:26:50.0859 2796 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
04:26:50.0890 2796 ultra - ok
04:26:51.0125 2796 UnlockerDriver5 (b2af2ba8a3205a8458b61f638fb431dd) C:\Program Files\Unlocker\UnlockerDriver5.sys
04:26:51.0156 2796 UnlockerDriver5 - ok
04:26:51.0531 2796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:26:51.0640 2796 Update - ok
04:26:52.0031 2796 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
04:26:52.0125 2796 upnphost - ok
04:26:52.0453 2796 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
04:26:52.0468 2796 UPS - ok
04:26:54.0562 2796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
04:26:54.0562 2796 usbccgp - ok
04:26:55.0406 2796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:26:55.0437 2796 usbehci - ok
04:26:56.0390 2796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:26:56.0406 2796 usbhub - ok
04:26:57.0187 2796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
04:26:57.0218 2796 usbprint - ok
04:26:57.0750 2796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:26:57.0781 2796 usbscan - ok
04:26:58.0671 2796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:26:58.0718 2796 USBSTOR - ok
04:26:59.0328 2796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
04:26:59.0359 2796 usbuhci - ok
04:26:59.0937 2796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:26:59.0937 2796 VgaSave - ok
04:27:00.0750 2796 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
04:27:00.0859 2796 viaagp - ok
04:27:01.0515 2796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
04:27:01.0562 2796 ViaIde - ok
04:27:03.0265 2796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
04:27:03.0296 2796 VolSnap - ok
04:27:04.0031 2796 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
04:27:04.0140 2796 VSS - ok
04:27:04.0843 2796 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
04:27:04.0921 2796 w32time - ok
04:27:05.0875 2796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:27:05.0890 2796 Wanarp - ok
04:27:06.0500 2796 wanatw - ok
04:27:06.0984 2796 WDICA - ok
04:27:07.0281 2796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:27:07.0296 2796 wdmaud - ok
04:27:07.0578 2796 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
04:27:07.0593 2796 WebClient - ok
04:27:07.0921 2796 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
04:27:07.0937 2796 WinDefend - ok
04:27:08.0265 2796 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
04:27:08.0296 2796 winmgmt - ok
04:27:08.0812 2796 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
04:27:08.0859 2796 WmdmPmSN - ok
04:27:09.0234 2796 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
04:27:09.0250 2796 WmiApSrv - ok
04:27:10.0031 2796 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
04:27:10.0484 2796 WMPNetworkSvc - ok
04:27:10.0984 2796 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
04:27:11.0015 2796 wscsvc - ok
04:27:11.0281 2796 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
04:27:11.0296 2796 wuauserv - ok
04:27:11.0671 2796 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
04:27:11.0703 2796 WudfPf - ok
04:27:12.0203 2796 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
04:27:12.0218 2796 WudfRd - ok
04:27:12.0500 2796 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
04:27:12.0546 2796 WudfSvc - ok
04:27:13.0468 2796 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
04:27:13.0937 2796 WZCSVC - ok
04:27:14.0843 2796 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
04:27:14.0875 2796 xmlprov - ok
04:27:14.0906 2796 MBR (0x1B8) (a03e065717cb65f3034ad33ad58b6bba) \Device\Harddisk0\DR0
04:27:15.0015 2796 \Device\Harddisk0\DR0 - ok
04:27:15.0093 2796 Boot (0x1200) (a03ceaf7c265fc4010921f4a80e8a54f) \Device\Harddisk0\DR0\Partition0
04:27:15.0187 2796 \Device\Harddisk0\DR0\Partition0 - ok
04:27:15.0187 2796 ============================================================
04:27:15.0187 2796 Scan finished
04:27:15.0187 2796 ============================================================
04:27:15.0500 2368 Detected object count: 0
04:27:15.0500 2368 Actual detected object count: 0
04:28:11.0671 3276 ============================================================
04:28:11.0671 3276 Scan started
04:28:11.0671 3276 Mode: Manual; TDLFS;
04:28:11.0671 3276 ============================================================
04:29:43.0343 3276 MRxDAV - ok
04:29:43.0562 3276 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:29:43.0593 3276 MRxSmb - ok
04:29:43.0796 3276 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
04:29:43.0812 3276 MSDTC - ok
04:29:44.0015 3276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
04:29:44.0031 3276 Msfs - ok
04:29:44.0156 3276 MSIServer - ok
04:29:44.0375 3276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:29:44.0375 3276 MSKSSRV - ok
04:29:44.0734 3276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:29:44.0734 3276 MSPCLOCK - ok
04:29:44.0921 3276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
04:29:44.0921 3276 MSPQM - ok
04:29:45.0203 3276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
04:29:45.0203 3276 mssmbios - ok
04:29:45.0390 3276 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
04:29:45.0406 3276 Mup - ok
04:29:45.0609 3276 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
04:29:45.0734 3276 napagent - ok
04:29:45.0921 3276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
04:29:45.0937 3276 NDIS - ok
04:29:46.0125 3276 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:29:46.0140 3276 NdisTapi - ok
04:29:46.0359 3276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:29:46.0359 3276 Ndisuio - ok
04:29:46.0531 3276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:29:46.0546 3276 NdisWan - ok
04:29:46.0750 3276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
04:29:46.0750 3276 NDProxy - ok
04:29:46.0921 3276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
04:29:46.0921 3276 NetBIOS - ok
04:29:47.0125 3276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
04:29:47.0140 3276 NetBT - ok
04:29:47.0359 3276 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
04:29:47.0390 3276 NetDDE - ok
04:29:47.0453 3276 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
04:29:47.0468 3276 NetDDEdsdm - ok
04:29:47.0656 3276 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:29:47.0671 3276 Netlogon - ok
04:29:47.0906 3276 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
04:29:47.0953 3276 Netman - ok
04:29:48.0203 3276 NetSvc (737351f39fef765234037770abdd72bd) C:\Program Files\Intel\NCS\Sync\NetSvc.exe
04:29:48.0296 3276 NetSvc - ok
04:29:48.0484 3276 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
04:29:48.0531 3276 Nla - ok
04:29:48.0750 3276 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
04:29:48.0921 3276 NMIndexingService - ok
04:29:49.0296 3276 nmraapache (13350ddd0976ceb5f125396c7bfb05b4) C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
04:29:49.0312 3276 nmraapache - ok
04:29:49.0593 3276 nmservice (82c5a813e8ea7e94dc1afa24cd803b80) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
04:29:49.0796 3276 nmservice - ok
04:29:49.0968 3276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
04:29:49.0968 3276 Npfs - ok
04:29:50.0359 3276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
04:29:50.0484 3276 Ntfs - ok
04:29:50.0671 3276 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:29:50.0671 3276 NtLmSsp - ok
04:29:50.0937 3276 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
04:29:51.0062 3276 NtmsSvc - ok
04:29:52.0453 3276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
04:29:52.0453 3276 Null - ok
04:29:53.0046 3276 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
04:29:53.0656 3276 nv - ok
04:29:53.0906 3276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
04:29:53.0906 3276 NwlnkFlt - ok
04:29:54.0296 3276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
04:29:54.0296 3276 NwlnkFwd - ok
04:29:54.0609 3276 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
04:29:54.0609 3276 omci - ok
04:29:54.0843 3276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
04:29:54.0859 3276 Parport - ok
04:29:55.0062 3276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
04:29:55.0062 3276 PartMgr - ok
04:29:55.0265 3276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
04:29:55.0281 3276 ParVdm - ok
04:29:55.0421 3276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
04:29:55.0437 3276 PCI - ok
04:29:55.0546 3276 PCIDump - ok
04:29:55.0796 3276 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
04:29:55.0796 3276 PCIIde - ok
04:29:55.0968 3276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
04:29:56.0000 3276 Pcmcia - ok
04:29:56.0156 3276 PDCOMP - ok
04:29:56.0218 3276 PDFRAME - ok
04:29:56.0328 3276 PDRELI - ok
04:29:56.0437 3276 PDRFRAME - ok
04:29:56.0750 3276 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
04:29:56.0750 3276 perc2 - ok
04:29:57.0015 3276 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
04:29:57.0015 3276 perc2hib - ok
04:29:57.0296 3276 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
04:29:57.0312 3276 PfModNT - ok
04:29:57.0859 3276 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
04:29:57.0875 3276 PlugPlay - ok
04:29:58.0125 3276 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys
04:29:58.0125 3276 pnarp - ok
04:29:58.0312 3276 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
04:29:58.0312 3276 Point32 - ok
04:29:58.0500 3276 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:29:58.0500 3276 PolicyAgent - ok
04:29:58.0687 3276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
04:29:58.0687 3276 PptpMiniport - ok
04:29:58.0875 3276 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:29:58.0875 3276 ProtectedStorage - ok
04:29:59.0093 3276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
04:29:59.0109 3276 PSched - ok
04:29:59.0453 3276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
04:29:59.0468 3276 Ptilink - ok
04:29:59.0640 3276 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys
04:29:59.0640 3276 purendis - ok
04:29:59.0796 3276 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
04:29:59.0796 3276 PxHelp20 - ok
04:30:00.0093 3276 QBCFMonitorService (e6be48afdcf7be96f69455581f15221c) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
04:30:00.0140 3276 QBCFMonitorService - ok
04:30:01.0390 3276 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
04:30:01.0437 3276 QBFCService - ok
04:30:01.0671 3276 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
04:30:01.0671 3276 ql1080 - ok
04:30:01.0937 3276 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
04:30:01.0937 3276 Ql10wnt - ok
04:30:02.0109 3276 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
04:30:02.0109 3276 ql12160 - ok
04:30:02.0375 3276 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
04:30:02.0375 3276 ql1240 - ok
04:30:02.0515 3276 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
04:30:02.0515 3276 ql1280 - ok
04:30:02.0656 3276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:30:02.0671 3276 RasAcd - ok
04:30:02.0812 3276 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
04:30:02.0843 3276 RasAuto - ok
04:30:02.0984 3276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:30:02.0984 3276 Rasl2tp - ok
04:30:03.0203 3276 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
04:30:03.0234 3276 RasMan - ok
04:30:03.0765 3276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:30:03.0781 3276 RasPppoe - ok
04:30:03.0890 3276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
04:30:03.0906 3276 Raspti - ok
04:30:04.0093 3276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:30:04.0109 3276 Rdbss - ok
04:30:04.0328 3276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
04:30:04.0328 3276 RDPCDD - ok
04:30:04.0546 3276 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
04:30:04.0562 3276 rdpdr - ok
04:30:04.0828 3276 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
04:30:04.0828 3276 RDPWD - ok
04:30:05.0093 3276 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
04:30:05.0156 3276 RDSessMgr - ok
04:30:05.0359 3276 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
04:30:05.0359 3276 redbook - ok
04:30:05.0562 3276 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
04:30:05.0593 3276 RemoteAccess - ok
04:30:05.0875 3276 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
04:30:05.0906 3276 RpcLocator - ok
04:30:06.0125 3276 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
04:30:06.0140 3276 RpcSs - ok
04:30:06.0343 3276 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
04:30:06.0406 3276 RSVP - ok
04:30:06.0609 3276 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
04:30:06.0609 3276 SamSs - ok
04:30:06.0781 3276 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
04:30:06.0781 3276 SASDIFSV - ok
04:30:06.0984 3276 SASENUM (7f1085895e499907f68df7731924122b) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
04:30:07.0015 3276 SASENUM - ok
04:30:07.0187 3276 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
04:30:07.0203 3276 SASKUTIL - ok
04:30:07.0531 3276 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
04:30:07.0578 3276 SCardSvr - ok
04:30:07.0843 3276 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
04:30:07.0921 3276 Schedule - ok
04:30:08.0265 3276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:30:08.0265 3276 Secdrv - ok
04:30:08.0546 3276 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
04:30:08.0578 3276 seclogon - ok
04:30:08.0796 3276 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
04:30:08.0812 3276 SENS - ok
04:30:09.0625 3276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
04:30:09.0625 3276 serenum - ok
04:30:09.0828 3276 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
04:30:09.0843 3276 Serial - ok
04:30:10.0093 3276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
04:30:10.0093 3276 Sfloppy - ok
04:30:10.0281 3276 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
04:30:10.0343 3276 SharedAccess - ok
04:30:10.0468 3276 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
04:30:10.0484 3276 ShellHWDetection - ok
04:30:10.0656 3276 Simbad - ok
04:30:10.0875 3276 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
04:30:10.0875 3276 sisagp - ok
04:30:11.0171 3276 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
04:30:11.0296 3276 smwdm - ok
04:30:11.0531 3276 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
04:30:11.0531 3276 Sparrow - ok
04:30:11.0703 3276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
04:30:11.0703 3276 splitter - ok
04:30:11.0890 3276 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
04:30:11.0906 3276 Spooler - ok
04:30:12.0093 3276 sprtsvc_dellsupportcenter - ok
04:30:12.0296 3276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
04:30:12.0312 3276 sr - ok
04:30:12.0421 3276 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
04:30:12.0453 3276 srservice - ok
04:30:12.0765 3276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
04:30:12.0843 3276 Srv - ok
04:30:12.0968 3276 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
04:30:12.0984 3276 sscdbhk5 - ok
04:30:13.0171 3276 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
04:30:13.0234 3276 SSDPSRV - ok
04:30:13.0484 3276 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
04:30:13.0484 3276 ssrtln - ok
04:30:13.0703 3276 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
04:30:13.0718 3276 StillCam - ok
04:30:13.0906 3276 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
04:30:14.0031 3276 stisvc - ok
04:30:14.0406 3276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
04:30:14.0421 3276 swenum - ok
04:30:15.0187 3276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
04:30:15.0187 3276 swmidi - ok
04:30:15.0312 3276 SwPrv - ok
04:30:15.0453 3276 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
04:30:15.0468 3276 symc810 - ok
04:30:15.0687 3276 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
04:30:15.0687 3276 symc8xx - ok
04:30:15.0875 3276 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
04:30:15.0875 3276 sym_hi - ok
04:30:16.0171 3276 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
04:30:16.0171 3276 sym_u3 - ok
04:30:16.0359 3276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
04:30:16.0359 3276 sysaudio - ok
04:30:16.0609 3276 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
04:30:16.0640 3276 SysmonLog - ok
04:30:16.0812 3276 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
04:30:16.0906 3276 TapiSrv - ok
04:30:17.0140 3276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:30:17.0203 3276 Tcpip - ok
04:30:17.0406 3276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
04:30:17.0406 3276 TDPIPE - ok
04:30:17.0703 3276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
04:30:17.0703 3276 TDTCP - ok
04:30:17.0968 3276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
04:30:17.0968 3276 TermDD - ok
04:30:18.0234 3276 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
04:30:18.0281 3276 TermService - ok
04:30:18.0546 3276 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
04:30:18.0546 3276 tfsnboio - ok
04:30:18.0843 3276 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
04:30:18.0875 3276 tfsncofs - ok
04:30:19.0109 3276 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
04:30:19.0140 3276 tfsndrct - ok
04:30:19.0390 3276 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
04:30:19.0406 3276 tfsndres - ok
04:30:19.0687 3276 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
04:30:19.0734 3276 tfsnifs - ok
04:30:19.0953 3276 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
04:30:20.0000 3276 tfsnopio - ok
04:30:20.0781 3276 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
04:30:20.0859 3276 tfsnpool - ok
04:30:21.0125 3276 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
04:30:21.0140 3276 tfsnudf - ok
04:30:21.0343 3276 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
04:30:21.0406 3276 tfsnudfa - ok
04:30:21.0531 3276 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
04:30:21.0546 3276 Themes - ok
04:30:21.0687 3276 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
04:30:21.0687 3276 TosIde - ok
04:30:21.0828 3276 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
04:30:21.0890 3276 TrkWks - ok
04:30:22.0203 3276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
04:30:22.0203 3276 Udfs - ok
04:30:22.0390 3276 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
04:30:22.0406 3276 ultra - ok
04:30:22.0796 3276 UnlockerDriver5 (b2af2ba8a3205a8458b61f638fb431dd) C:\Program Files\Unlocker\UnlockerDriver5.sys
04:30:22.0828 3276 UnlockerDriver5 - ok
04:30:23.0125 3276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
04:30:23.0250 3276 Update - ok
04:30:23.0515 3276 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
04:30:23.0562 3276 upnphost - ok
04:30:23.0750 3276 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
04:30:23.0796 3276 UPS - ok
04:30:24.0093 3276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
04:30:24.0093 3276 usbccgp - ok
04:30:24.0265 3276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:30:24.0265 3276 usbehci - ok
04:30:24.0562 3276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:30:24.0562 3276 usbhub - ok
04:30:24.0734 3276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
04:30:24.0734 3276 usbprint - ok
04:30:24.0875 3276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:30:24.0875 3276 usbscan - ok
04:30:25.0109 3276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:30:25.0109 3276 USBSTOR - ok
04:30:25.0359 3276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
04:30:25.0359 3276 usbuhci - ok
04:30:25.0546 3276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
04:30:25.0546 3276 VgaSave - ok
04:30:25.0687 3276 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
04:30:25.0703 3276 viaagp - ok
04:30:26.0296 3276 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
04:30:26.0296 3276 ViaIde - ok
04:30:26.0843 3276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
04:30:26.0843 3276 VolSnap - ok
04:30:27.0062 3276 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
04:30:27.0171 3276 VSS - ok
04:30:27.0406 3276 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
04:30:27.0453 3276 w32time - ok
04:30:27.0750 3276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:30:27.0750 3276 Wanarp - ok
04:30:27.0906 3276 wanatw - ok
04:30:28.0109 3276 WDICA - ok
04:30:28.0328 3276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
04:30:28.0343 3276 wdmaud - ok
04:30:28.0578 3276 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
04:30:28.0625 3276 WebClient - ok
04:30:28.0828 3276 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
04:30:28.0843 3276 WinDefend - ok
04:30:29.0046 3276 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
04:30:29.0093 3276 winmgmt - ok
04:30:29.0328 3276 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
04:30:29.0343 3276 WmdmPmSN - ok
04:30:29.0656 3276 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
04:30:29.0703 3276 WmiApSrv - ok
04:30:30.0109 3276 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
04:30:30.0250 3276 WMPNetworkSvc - ok
04:30:30.0390 3276 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
04:30:30.0421 3276 wscsvc - ok
04:30:30.0546 3276 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
04:30:30.0562 3276 wuauserv - ok
04:30:30.0796 3276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
04:30:30.0828 3276 WudfPf - ok
04:30:31.0031 3276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
04:30:31.0046 3276 WudfRd - ok
04:30:31.0203 3276 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
04:30:31.0250 3276 WudfSvc - ok
04:30:31.0406 3276 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
04:30:31.0546 3276 WZCSVC - ok
04:30:31.0656 3276 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
04:30:31.0671 3276 xmlprov - ok
04:30:31.0750 3276 MBR (0x1B8) (a03e065717cb65f3034ad33ad58b6bba) \Device\Harddisk0\DR0
04:30:32.0765 3276 \Device\Harddisk0\DR0 - ok
04:30:32.0796 3276 Boot (0x1200) (a03ceaf7c265fc4010921f4a80e8a54f) \Device\Harddisk0\DR0\Partition0
04:30:32.0828 3276 \Device\Harddisk0\DR0\Partition0 - ok
04:30:32.0828 3276 ============================================================
04:30:32.0828 3276 Scan finished
04:30:32.0828 3276 ============================================================
04:30:32.0843 2464 Detected object count: 0
04:30:32.0843 2464 Actual detected object count: 0
04:32:40.0828 1996 Deinitialize success


More to follow in subsequent post.

#7 lefty16

Posted 08 April 2012 - 12:53 AM

Scan log for GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 10:12:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.16
Running: l3m3gq62.exe; Driver: C:\DOCUME~1\Kirk\LOCALS~1\Temp\pxdyapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEF8EFDF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEF9A4A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xEF8F085E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEF91CD5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEF8F52E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEF8F5330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEF8F5422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEF91C711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEF8F5252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEF8F5374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEF8F529A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEF8F53DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEF8EFE44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEF91D423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEF91D6D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEF8F29A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEF91D28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEF91D0F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEF9A4B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEF8EFAD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEF8EFE90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEF8F2D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEF8F0B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEF8F530E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEF8F5352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEF8F5446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEF91CA6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEF8F5278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEF8F2518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEF8F53AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEF8F52C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEF8F274C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEF8F5400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEF9A4CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEF91CF74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEF8F09CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEF91CDC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEF9AEB68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEF91BD84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEF8EFEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEF8EFF28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEF8EFB46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEF8EFCEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEF91D52A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEF8EFC92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEF8EFD5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xEF9A4D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEF8EFF74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xEF9A4BE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEF9BAD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP EF9B974C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL EF8F119F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP EF9BAD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP EF9B7C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text KDCOM.DLL!KdSendPacket F8A78345 45 Bytes [F6, C1, 01, 74, 0A, D1, E9, ...]
.text KDCOM.DLL!KdSendPacket F8A78373 8 Bytes [55, 8B, EC, 51, 51, 83, 65, ...]
.text KDCOM.DLL!KdSendPacket F8A7837C 9 Bytes [83, 7D, 0C, 00, 8A, 81, 00, ...]
.text KDCOM.DLL!KdD0Transition F8A78386 26 Bytes [8A, 91, 01, 01, 00, 00, 0F, ...]
.text KDCOM.DLL!KdD0Transition + 1C F8A783A2 27 Bytes [80, 79, 07, 48, 0D, 00, FF, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 18 F8A783BE 111 Bytes [00, 80, 79, 08, 4A, 81, CA, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 88 F8A7842E 22 Bytes [56, 57, 85, DB, 75, 07, B8, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 9F F8A78445 10 Bytes [A0, 00, C0, EB, 34, FF, 73, ...]
.text KDCOM.DLL!KdDebuggerInitialize1 + 5 F8A78451 84 Bytes [00, 8B, F3, 8D, BD, 00, FE, ...]
.text KDCOM.DLL!KdRestore + 46 F8A784A6 135 Bytes [03, 45, FC, 6A, 10, 50, FF, ...]
.text KDCOM.DLL!KdRestore + CE F8A7852E 37 Bytes [BF, 00, 00, 00, C0, 8B, C8, ...]
.text KDCOM.DLL!KdRestore + F4 F8A78554 32 Bytes [2A, FF, FF, FF, 8B, C8, 23, ...]
.text KDCOM.DLL!KdRestore + 115 F8A78575 6 Bytes [46, 10, 50, 68, E8, 82]
.text KDCOM.DLL!KdRestore + 11D F8A7857D 122 Bytes CALL F8A78482 \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 3D F8A78F89 55 Bytes [F8, 89, 5F, 78, C6, 47, 7C, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 75 F8A78FC1 96 Bytes [00, 00, 53, FF, 15, AC, 82, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + D6 F8A79022 40 Bytes [E4, 33, C0, EB, 05, 1B, C0, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + FF F8A7904B 4 Bytes [EB, 0B, 0F, B7]
PAGEKD KDCOM.DLL!KdReceivePacket + 104 F8A79050 1 Byte [FC]
PAGEKD ...
PAGEKD KDCOM.DLL!KdSendPacket + 39 F8A791EB 34 Bytes [8A, 08, 40, 84, C9, 75, F9, ...]
PAGEKD KDCOM.DLL!KdSendPacket + 5C F8A7920E 57 Bytes [00, 6A, 64, 8D, 45, 98, 6A, ...]
PAGEKD KDCOM.DLL!KdSendPacket + 97 F8A79249 134 Bytes [59, 8B, D0, 66, 8B, 08, 83, ...]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF8833760]
.text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP EF8F4180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP EF8F407C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP EF8F4036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP EF8F3724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP EF8F2F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP EF8F42EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP EF8F44F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP EF8F3F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP EF8F2E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP EF8F37E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP EF8F3384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP EF8F3562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP EF8F2E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP EF8F40BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP EF8F351C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP EF8F37FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP EF8F4232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP EF8F4450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP EF8F370C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP EF8F2FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP EF8F3104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP EF8F31AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP EF8F32E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP EF8F2D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP EF8F373C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP EF8F2F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP EF8F30B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP EF8F367C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP EF8F43A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\smss.exe[636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[972] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[972] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
.text C:\Program Files\Windows Defender\MsMpEng.exe[1144] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1188] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[1288] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1416] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1416] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1484] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[1944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Documents and Settings\Kirk\My Documents\Downloads\l3m3gq62.exe[2216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Kirk\My Documents\Downloads\l3m3gq62.exe[2216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[2484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[2484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[2484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[2720] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Pure Networks\Network Magic\nmapp.exe[2836] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\svchost.exe[3188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[3188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[3188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[3188] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[3188] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[3188] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[3188] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[3188] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[3188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[3188] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[3188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[3188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[3188] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[3188] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[3188] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[3412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\wscntfy.exe[3592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[3648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3648] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[3648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3648] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[3648] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[3648] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[3648] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[3648] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[3648] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[3648] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[3648] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[3648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[3648] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[3648] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[3648] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[3648] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013D5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 04211014
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 04210804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 04210A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 04210C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 04210E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 042101F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 042103FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 04210600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdSendPacket] [F8A785F8] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdD0Transition] [F8A785A6] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdD3Transition] [F8A785B0] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdReceivePacket] [F8A785D4] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize0] [F8A785BA] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdSave] [F8A785EC] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize1] [F8A785C6] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntoskrnl.exe[KDCOM.dll!KdRestore] [F8A785E0] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\hal.dll[KDCOM.dll!KdRestore] [F8A785E0] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!WRITE_REGISTER_UCHAR] 006C6C64
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!READ_REGISTER_UCHAR] 6C6C642E
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!HalPrivateDispatchTable] 8B550000
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!KeFindConfigurationEntry] C88351EC
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!InbvDisplayString] 087D83FF
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!KdDebuggerNotPresent] 573E7400
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!_strupr] FF3AB60F
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!strstr] B60F084D
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!MmMapIoSpace] 42CF33C8
IAT \WINDOWS\system32\KDCOM.DLL[ntoskrnl.exe!atol] 00FC45C7
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!READ_PORT_UCHAR] 00000032
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!WRITE_PORT_UCHAR] 736F746E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalQueryRealTimeClock] 6C6E726B
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalInitSystem] 6578652E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!KdComPortInUse] 00000000

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00660002
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00660000
IAT C:\Program Files\Alwil Software\Avast5\avastUI.exe[1076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----




Scan log for aswMBR (quickscan mode)


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 10:28:05
-----------------------------
10:28:05.546 OS Version: Windows 5.1.2600 Service Pack 3
10:28:05.546 Number of processors: 2 586 0x304
10:28:05.625 ComputerName: D2LD5V51 UserName: Kirk
10:28:23.343 Initialize success
10:28:34.906 AVAST engine defs: 12040700
10:30:08.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:30:08.640 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
10:30:08.718 Disk 0 MBR read successfully
10:30:08.718 Disk 0 MBR scan
10:30:08.734 Disk 0 unknown MBR code
10:30:08.734 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
10:30:08.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72645 MB offset 96390
10:30:08.828 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 148890420
10:30:08.859 Disk 0 scanning sectors +156249984
10:30:11.109 Disk 0 scanning C:\WINDOWS\system32\drivers
10:31:00.484 Service scanning
10:31:32.078 Modules scanning
10:32:20.031 Disk 0 trace - called modules:
10:32:20.046 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:32:20.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b83030]
10:32:20.062 3 CLASSPNP.SYS[f8638fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82b64d98]
10:32:20.296 AVAST engine scan C:\WINDOWS
10:32:58.687 AVAST engine scan C:\WINDOWS\system32
10:37:54.218 AVAST engine scan C:\WINDOWS\system32\drivers
10:38:27.906 AVAST engine scan C:\Documents and Settings\Kirk
10:45:16.390 File: C:\Documents and Settings\Kirk\Local Settings\Temp\187.tmp **INFECTED** Win32:Crypt-MHR [Trj]
11:00:27.390 AVAST engine scan C:\Documents and Settings\All Users
11:03:03.125 Scan finished successfully
11:24:14.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kirk\My Documents\Documents\MBR.dat"
11:24:14.843 The log file has been saved successfully to "C:\Documents and Settings\Kirk\My Documents\Documents\aswMBR.txt"




I see that there is an infected temp file. What should I do to remove it?

FYI, I haven't received any more Avast alerts since I did these scans and got back on the internet.

Edited by lefty16, 08 April 2012 - 12:57 AM.


#8 narenxp


Posted 08 April 2012 - 08:46 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

ESET online scanner


Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#9 lefty16


Posted 10 April 2012 - 03:19 AM

The scan results from Malwarebytes:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kirk :: D2LD5V51 [administrator]

4/8/2012 10:36:37 PM
mbam-log-2012-04-09 (07-27-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320245
Time elapsed: 6 hour(s), 39 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\HPD.DLL (Spyware.OnlineGames) -> Data: 1 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\HPDBRIDGE.DLL (Spyware.OnlineGames) -> Data: 1 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\QBPW_CI.DLL (Spyware.OnlineGames) -> Data: 1 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Program Files\BackupLib.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files\boost_regex-vc80-mt-p-1_33.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files\boost_serialization-vc80-mt-p-1_33.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files\HPD.DLL (Spyware.OnlineGames) -> No action taken.
C:\Program Files\HPDBridge.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files\QBMAPILibrary.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files\QBPW_CI.dll (Spyware.OnlineGames) -> No action taken.

(end)



I didn't remove any of the listed items from this scan because, from experience with use of this program, it lists items associated with my Quickbooks program, and if I remove them it makes Quickbooks non-accessible.




The log from the ESET scan:

C:\Documents and Settings\Kirk\Local Settings\Temp\plugtmp-52\plugin-1ddfp.php JS/Exploit.Pdfka.PGE.Gen trojan cleaned by deleting - quarantined
C:\found.000\file0000.chk JS/Exploit.Shellcode.A.gen trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\csblbdrs.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\csnjujiv.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined




The log from the Minitoolbox scan:


MiniToolBox by Farbar Version: 18-01-2012
Ran by Kirk (administrator) on 09-04-2012 at 23:26:30
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net
127.0.0.1 www.abcsearcher.com
127.0.0.1 abc-search.info
127.0.0.1 abloga.info
127.0.0.1 www.abx4.com
127.0.0.1 www.acezip.net
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 a-commando.info
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 gtcc1.acecounter.com
127.0.0.1 gtp1.acecounter.com
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com

There are 10274 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : D2LD5V51

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Home



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : Home

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-11-11-46-A4-7F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.254.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.254.254

DHCP Server . . . . . . . . . . . : 192.168.254.254

DNS Servers . . . . . . . . . . . : 192.168.254.254

Lease Obtained. . . . . . . . . . : Sunday, April 08, 2012 10:13:40 PM

Lease Expires . . . . . . . . . . : Monday, September 30, 2019 1:13:40 PM

Server: MyRouter.Home
Address: 192.168.254.254

Name: google.com
Addresses: 74.125.227.128, 74.125.227.129, 74.125.227.130, 74.125.227.131
74.125.227.132, 74.125.227.133, 74.125.227.134, 74.125.227.135, 74.125.227.136
74.125.227.137, 74.125.227.142



Pinging google.com [74.125.227.128] with 32 bytes of data:



Reply from 74.125.227.128: bytes=32 time=35ms TTL=56

Reply from 74.125.227.128: bytes=32 time=37ms TTL=56



Ping statistics for 74.125.227.128:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 35ms, Maximum = 37ms, Average = 36ms

Server: MyRouter.Home
Address: 192.168.254.254

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=110ms TTL=50

Reply from 72.30.38.140: bytes=32 time=120ms TTL=49



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 110ms, Maximum = 120ms, Average = 115ms

Server: MyRouter.Home
Address: 192.168.254.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 46 a4 7f ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.254.254 192.168.254.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.254.0 255.255.255.0 192.168.254.2 192.168.254.2 20
192.168.254.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.254.255 255.255.255.255 192.168.254.2 192.168.254.2 20
224.0.0.0 240.0.0.0 192.168.254.2 192.168.254.2 20
255.255.255.255 255.255.255.255 192.168.254.2 192.168.254.2 1
Default Gateway: 192.168.254.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/09/2012 05:09:46 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (04/09/2012 05:08:44 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2539631, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (04/09/2012 05:08:13 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (04/09/2012 05:07:13 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1701.5039kb26563531033663finstallx865.1.2600.2.3.0.7680

Error: (04/09/2012 05:05:05 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb979909, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (04/08/2012 10:36:15 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (04/08/2012 10:35:41 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (04/08/2012 10:34:04 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/08/2012 10:34:02 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/08/2012 09:56:58 PM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864, P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.


System errors:
=============
Error: (04/09/2012 11:40:01 AM) (Source: Schedule) (User: )
Description: The At24.job command failed to start due to the following error:
%%2147942402

Error: (04/09/2012 10:40:01 AM) (Source: Schedule) (User: )
Description: The At22.job command failed to start due to the following error:
%%2147942402

Error: (04/09/2012 09:40:01 AM) (Source: Schedule) (User: )
Description: The At20.job command failed to start due to the following error:
%%2147942402

Error: (04/09/2012 08:40:02 AM) (Source: Schedule) (User: )
Description: The At18.job command failed to start due to the following error:
%%2147942402

Error: (04/09/2012 07:40:07 AM) (Source: Schedule) (User: )
Description: The At16.job command failed to start due to the following error:
%%2147942402

Error: (04/09/2012 06:40:01 AM) (Source: Schedule) (User: )
Description: The At14.job command failed to start due to the following error:
%%2147942402

Error: (04/09/2012 05:40:01 AM) (Source: Schedule) (User: )
Description: The At12.job command failed to start due to the following error:
%%2147942402

Error: (04/09/2012 05:13:33 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864).

Error: (04/09/2012 05:09:01 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2539631).

Error: (04/09/2012 05:08:20 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.


Microsoft Office Sessions:
=========================
Error: (04/09/2012 05:09:46 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb251886410331605msif9.0.40215.0installx86xp0

Error: (04/09/2012 05:08:44 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb253963110331605msif9.0.40215.0installx86xp0

Error: (04/09/2012 05:08:13 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb95848110331605msif9.0.31211.0installx86xp0

Error: (04/09/2012 05:07:13 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1701.5039kb26563531033663finstallx865.1.2600.2.3.0.7680

Error: (04/09/2012 05:05:05 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb97990910331605msif9.0.40302.0installx86xp0

Error: (04/08/2012 10:36:15 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (04/08/2012 10:35:41 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (04/08/2012 10:34:04 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/08/2012 10:34:02 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/08/2012 09:56:58 PM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb251886410331605msif9.0.40215.0installx86xp0


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (Version: 11.2.202.228)
Adobe Reader 7.1.0 (Version: 7.1.0)
Apple Software Update (Version: 2.1.1.116)
ArcSoft Camera Suite
ArcSoft PhotoStudio 5.5
avast! Free Antivirus (Version: 7.0.1426.0)
Avery® Wizard 2.1 for Microsoft® Word 2002
AVG Anti-Spyware 7.5
Banctec Service Agreement (Version: 1.10.0000)
Camera Window (Version: 4.5.2)
Canon Camera Window for ZoomBrowser EX (Version: 4.5.2)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Canon MP970 series User Registration
Canon My Printer
Canon PhotoRecord
Canon PIXMA iP4000
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.0)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 0.9.0)
Canon Utilities Easy-PhotoPrint EX
Canon Utilities File Viewer Utility 1.3 (Version: 1.3.2)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.10)
Canon Utilities RemoteCapture 2.7 (Version: 2.7.5)
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX (Version: 04.05.01148)
CCHelp (Version: 4.00.0000.0001)
CCScore (Version: 4.00.0000.0001)
Coupon Printer for Windows (Version: 2.0)
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Media Experience
Dell Networking Guide (Version: 1.00.0001)
Dell ResourceCD
Dell Support Center (Support Software) (Version: 2.2.08298)
DellSupport (Version: 6.0.3062)
DING! (Version: 1.04.010)
ESET Online Scanner v3
ESSAdpt (Version: 4.00.0000.0001)
ESSANUP (Version: 4.00.0000.0001)
ESSCAM (Version: 4.00.0000.0001)
ESSCDBK (Version: 4.00.0000.0001)
ESScore (Version: 4.00.0000.0102)
ESSgui (Version: 4.00.0000.0004)
ESShelp (Version: 4.00.0000.0003)
ESSini (Version: 4.00.0000.0007)
ESSPCD (Version: 4.00.0000.0001)
ESSSONIC (Version: 4.00.0000.0003)
ESSvpaht (Version: 4.00.0000.0003)
ESSvpot (Version: 4.00.0000.0001)
File Viewer Utility 1.3.2 (Version: 1.3.2)
Flock (2.6.2) (Version: 2.6.2 (en-US))
Google Chrome (Version: 18.0.1025.152)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
Google Updater (Version: 2.4.2432.1652)
HijackThis 1.99.1 (Version: 1.99.1)
HLPIndex (Version: 4.00.0000.0003)
HLPRFO (Version: 4.00.0000.0004)
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
Internet Explorer Default Page (Version: 1.00.03)
Jasc Paint Shop Photo Album (Version: 4.0.3)
Jasc Paint Shop Pro 8 Dell Edition (Version: 8.10.0000)
Java Auto Updater (Version: 2.0.3.1)
Kaspersky Online Scanner (Version: 5.0)
Kodak EasyShare software
KSU (Version: 632.62.0002.0001)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Encarta Encyclopedia Standard 2004 (Version: 2004)
Microsoft IntelliPoint 7.0 (Version: 7.0.260.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Photo Premium 9 (Version: 9.0.0.0000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Streets and Trips 2004 (Version: 11.00.18.1900)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works (Version: 07.03.0719)
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 7.0.0.0000)
Modem Event Monitor
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Musicmatch® Jukebox (Version: 10.00.4033)
Nero 7 Essentials (Version: 7.02.9753)
neroxml (Version: 1.0.0)
Network Magic (Version: 4.9.8225.0)
Notifier (Version: 4.00.0000.0001)
OTtBP (Version: 4.00.0000.0003)
OTtBPSDK (Version: 4.00.0000.0000)
PCDADDIN (Version: 4.00.0000.0001)
PCDHELP (Version: 4.0000.0000.0002)
PCDLNCH (Version: 4.00.0000.0101)
PhotoStitch (Version: 3.1.10)
PowerDVD 5.1
Pure Networks Platform (Version: 10.2.8216.0)
QuickBooks (Version: 19.0.4013.705)
QuickBooks Pro 2009 (Version: 19.0.4013.705)
QuickTime (Version: 7.55.90.70)
RAW Image Task (Version: 0.9.0)
RealPlayer Basic
RemoteCapture 2.7.5 (Version: 2.7.5)
RemoteCapture Task (Version: 0.9.0)
ScanSoft OmniPage SE 4 (Version: 15.2.0020)
SFR (Version: 3.03.0000.0001)
SFR2 (Version: 3.03.0000.0002)
Shockwave
Sonic DLA (Version: 4.90)
Sonic RecordNow! (Version: 7.10)
Sonic Update Manager (Version: 2.9)
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy 1.4 (Version: 1.4)
SUPERAntiSpyware Free Edition (Version: 3.7.0.1018)
SupportSoft Assisted Service (Version: 15)
TBS WMP Plug-in (Version: 1.00.007)
The Print Shop 20 (Version: 20.00.0000)
The Weather Channel
Unlocker 1.8.5 (Version: 1.8.5)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
VPRINTOL (Version: 4.00.0000.0001)
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
Windows Backup Utility (Version: 5.1)
Windows Defender (Version: 1.1.1593.14)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Install Manager
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 509.98 MB
Available physical RAM: 229.71 MB
Total Pagefile: 1247.2 MB
Available Pagefile: 864.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.02 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:70.94 GB) (Free:32.68 GB) NTFS

**** End of log ****


I also did another aswMBR quickscan to see if the previous infected temp file was gone, and it was.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-10 02:11:18
-----------------------------
02:11:18.593 OS Version: Windows 5.1.2600 Service Pack 3
02:11:18.593 Number of processors: 2 586 0x304
02:11:18.593 ComputerName: D2LD5V51 UserName: Kirk
02:11:23.656 Initialize success
02:11:30.000 AVAST engine defs: 12040901
02:11:44.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:11:44.078 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
02:11:44.093 Disk 0 MBR read successfully
02:11:44.093 Disk 0 MBR scan
02:11:44.093 Disk 0 unknown MBR code
02:11:44.093 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
02:11:44.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72645 MB offset 96390
02:11:44.140 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 148890420
02:11:44.140 Disk 0 scanning sectors +156232125
02:11:44.265 Disk 0 scanning C:\WINDOWS\system32\drivers
02:12:23.453 Service scanning
02:13:19.953 Modules scanning
02:13:51.968 Disk 0 trace - called modules:
02:13:51.984 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
02:13:52.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b66298]
02:13:52.000 3 CLASSPNP.SYS[f8638fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82b66d98]
02:13:53.953 AVAST engine scan C:\WINDOWS
02:14:25.468 AVAST engine scan C:\WINDOWS\system32
02:20:58.156 AVAST engine scan C:\WINDOWS\system32\drivers
02:21:28.343 AVAST engine scan C:\Documents and Settings\Kirk
02:47:05.703 AVAST engine scan C:\Documents and Settings\All Users
02:52:48.296 Scan finished successfully
02:55:23.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kirk\My Documents\Documents\MBR.dat"
02:55:23.093 The log file has been saved successfully to "C:\Documents and Settings\Kirk\My Documents\Documents\NewaswMBR.txt"

#10 narenxp


Posted 11 April 2012 - 04:23 AM

Good.

Download hosts fix

http://go.microsoft.com/?linkid=9668866

Run the fixit

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point.

http://support.microsoft.com/kb/310405

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)



