Nginx infection


9 replies to this topic

#1 skolko


Posted 29 May 2012 - 11:38 PM

Hello,

Have a Windows Vista Home Premium system on 32 bit Operating system. Use Mozilla Firefox internet browser.

When I launch Google the blank page with "Welcome to Nginx" is present instead of a Google start page.

Am I infected? Re-launched several times, over and over, still the same problem.

I use McAfee Antivirus Plus. Scanned the system - nothing found.

Checked this forum, found a similar thread. Downloaded and launched TDSSKiller. Clicked on Change parameters - selected TDLFS file system.

Clicked on "Scan" - no objects detected, nothing found. Can post the Log if necessary.

The Welcome to Nginx is always there instead of Google start page.

Would appreciate your help.

Thanks in advance!



#2 narenxp


Posted 29 May 2012 - 11:49 PM

Please post the TDSSkiller log

Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here


Download Rogue killer

Right click on it and select run as administrator

Now, click on HOSTS FIX option on right side

A log should get generated after the fix, post the log here

#3 skolko


Posted 29 May 2012 - 11:57 PM

narenxp, thank you.

TDSSKiller Log:

23:54:28.0450 7652 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
23:54:30.0453 7652 ============================================================
23:54:30.0453 7652 Current date / time: 2012/05/29 23:54:30.0453
23:54:30.0453 7652 SystemInfo:
23:54:30.0453 7652
23:54:30.0453 7652 OS Version: 6.0.6001 ServicePack: 1.0
23:54:30.0453 7652 Product type: Workstation
23:54:30.0453 7652 ComputerName:
23:54:30.0454 7652 UserName:
23:54:30.0454 7652 Windows directory: C:\Windows
23:54:30.0454 7652 System windows directory: C:\Windows
23:54:30.0454 7652 Processor architecture: Intel x86
23:54:30.0454 7652 Number of processors: 4
23:54:30.0454 7652 Page size: 0x1000
23:54:30.0454 7652 Boot type: Normal boot
23:54:30.0454 7652 ============================================================
23:54:32.0248 7652 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:54:32.0251 7652 ============================================================
23:54:32.0251 7652 \Device\Harddisk0\DR0:
23:54:32.0267 7652 MBR partitions:
23:54:32.0267 7652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
23:54:32.0267 7652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x24016000
23:54:32.0267 7652 ============================================================
23:54:32.0323 7652 C: <-> \Device\Harddisk0\DR0\Partition1
23:54:32.0501 7652 D: <-> \Device\Harddisk0\DR0\Partition0
23:54:32.0502 7652 ============================================================
23:54:32.0502 7652 Initialize success
23:54:32.0502 7652 ============================================================
23:55:13.0214 6448 ============================================================
23:55:13.0214 6448 Scan started
23:55:13.0214 6448 Mode: Manual; TDLFS;
23:55:13.0214 6448 ============================================================
23:56:01.0046 6448 nvlddmkm - ok
23:56:01.0112 6448 NVR0Dev (812f257ed1cd53fcb1f9f9cc910f4809) C:\Windows\nvoclock.sys
23:56:01.0223 6448 NVR0Dev - ok
23:56:01.0452 6448 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
23:56:01.0454 6448 nvraid - ok
23:56:01.0498 6448 nvrd32 (049e81b6fb41c73619ed3fe4df7d8638) C:\Windows\system32\drivers\nvrd32.sys
23:56:01.0616 6448 nvrd32 - ok
23:56:01.0650 6448 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
23:56:01.0652 6448 nvstor - ok
23:56:01.0706 6448 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\drivers\nvstor32.sys
23:56:01.0707 6448 nvstor32 - ok
23:56:01.0743 6448 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
23:56:01.0746 6448 nv_agp - ok
23:56:01.0752 6448 NwlnkFlt - ok
23:56:01.0762 6448 NwlnkFwd - ok
23:56:02.0041 6448 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:56:02.0170 6448 odserv - ok
23:56:02.0247 6448 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
23:56:02.0249 6448 ohci1394 - ok
23:56:02.0289 6448 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:56:02.0292 6448 ose - ok
23:56:02.0368 6448 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
23:56:02.0384 6448 p2pimsvc - ok
23:56:02.0396 6448 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
23:56:02.0407 6448 p2psvc - ok
23:56:02.0485 6448 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:56:02.0487 6448 Parport - ok
23:56:02.0520 6448 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
23:56:02.0522 6448 partmgr - ok
23:56:02.0537 6448 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:56:02.0539 6448 Parvdm - ok
23:56:02.0573 6448 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
23:56:02.0580 6448 PcaSvc - ok
23:56:02.0700 6448 PcCtlCom (b4b16033f6dad8f43cb8b8f9c5da8561) C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
23:56:02.0723 6448 PcCtlCom - ok
23:56:02.0895 6448 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
23:56:02.0901 6448 pci - ok
23:56:02.0947 6448 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:56:02.0949 6448 pciide - ok
23:56:03.0000 6448 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:56:03.0003 6448 pcmcia - ok
23:56:03.0142 6448 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:56:03.0156 6448 PEAUTH - ok
23:56:03.0307 6448 pgsql-8.3 (acc93675d78d1c07dad09d7837f2397a) C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
23:56:03.0309 6448 pgsql-8.3 - ok
23:56:03.0414 6448 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
23:56:03.0448 6448 pla - ok
23:56:03.0525 6448 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
23:56:03.0530 6448 PlugPlay - ok
23:56:03.0594 6448 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\Windows\system32\DRIVERS\pmxmouse.sys
23:56:03.0596 6448 pmxmouse - ok
23:56:03.0651 6448 pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
23:56:03.0738 6448 pmxusblf - ok
23:56:03.0825 6448 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
23:56:03.0833 6448 PNRPAutoReg - ok
23:56:03.0842 6448 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
23:56:03.0850 6448 PNRPsvc - ok
23:56:03.0906 6448 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
23:56:03.0912 6448 PolicyAgent - ok
23:56:03.0953 6448 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:56:03.0955 6448 PptpMiniport - ok
23:56:03.0996 6448 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:56:03.0998 6448 Processor - ok
23:56:04.0036 6448 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
23:56:04.0044 6448 ProfSvc - ok
23:56:04.0075 6448 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
23:56:04.0077 6448 ProtectedStorage - ok
23:56:04.0176 6448 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
23:56:04.0204 6448 PSched - ok
23:56:04.0235 6448 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
23:56:04.0245 6448 PxHelp20 - ok
23:56:04.0344 6448 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:56:04.0391 6448 ql2300 - ok
23:56:04.0467 6448 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:56:04.0471 6448 ql40xx - ok
23:56:04.0688 6448 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:56:04.0702 6448 QWAVE - ok
23:56:04.0750 6448 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:56:04.0752 6448 QWAVEdrv - ok
23:56:04.0970 6448 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
23:56:05.0012 6448 R300 - ok
23:56:05.0148 6448 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:56:05.0154 6448 RasAcd - ok
23:56:05.0181 6448 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:56:05.0191 6448 RasAuto - ok
23:56:05.0229 6448 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:56:05.0236 6448 Rasl2tp - ok
23:56:05.0261 6448 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
23:56:05.0266 6448 RasMan - ok
23:56:05.0280 6448 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
23:56:05.0284 6448 RasPppoe - ok
23:56:05.0314 6448 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
23:56:05.0316 6448 RasSstp - ok
23:56:05.0336 6448 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
23:56:05.0344 6448 rdbss - ok
23:56:05.0359 6448 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:56:05.0361 6448 RDPCDD - ok
23:56:05.0413 6448 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
23:56:05.0418 6448 rdpdr - ok
23:56:05.0424 6448 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:56:05.0426 6448 RDPENCDD - ok
23:56:05.0454 6448 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
23:56:05.0458 6448 RDPWD - ok
23:56:05.0509 6448 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:56:05.0517 6448 RemoteAccess - ok
23:56:05.0761 6448 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
23:56:05.0768 6448 RemoteRegistry - ok
23:56:05.0813 6448 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
23:56:05.0815 6448 RimUsb - ok
23:56:06.0005 6448 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
23:56:06.0197 6448 RoxMediaDB9 - ok
23:56:06.0288 6448 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
23:56:06.0290 6448 RoxWatch9 - ok
23:56:06.0316 6448 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:56:06.0319 6448 RpcLocator - ok
23:56:06.0425 6448 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
23:56:06.0436 6448 RpcSs - ok
23:56:06.0520 6448 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:56:06.0522 6448 rspndr - ok
23:56:06.0584 6448 RTL8187B (c6ff3fd19960d757b2289107150140f4) C:\Windows\system32\DRIVERS\RTL8187B.sys
23:56:06.0709 6448 RTL8187B - ok
23:56:06.0758 6448 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
23:56:06.0761 6448 SamSs - ok
23:56:06.0904 6448 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:56:06.0907 6448 sbp2port - ok
23:56:06.0949 6448 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
23:56:06.0958 6448 SCardSvr - ok
23:56:07.0159 6448 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
23:56:07.0166 6448 Schedule - ok
23:56:07.0286 6448 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
23:56:07.0290 6448 SCPolicySvc - ok
23:56:07.0336 6448 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:56:07.0344 6448 SDRSVC - ok
23:56:07.0395 6448 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:56:07.0398 6448 secdrv - ok
23:56:07.0538 6448 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:56:07.0542 6448 seclogon - ok
23:56:07.0603 6448 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
23:56:07.0610 6448 SENS - ok
23:56:07.0641 6448 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:56:07.0643 6448 Serenum - ok
23:56:07.0773 6448 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:56:07.0777 6448 Serial - ok
23:56:07.0833 6448 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:56:07.0852 6448 sermouse - ok
23:56:07.0985 6448 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:56:08.0001 6448 SessionEnv - ok
23:56:08.0067 6448 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
23:56:08.0070 6448 sffdisk - ok
23:56:08.0101 6448 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
23:56:08.0102 6448 sffp_mmc - ok
23:56:08.0122 6448 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
23:56:08.0125 6448 sffp_sd - ok
23:56:08.0146 6448 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:56:08.0147 6448 sfloppy - ok
23:56:08.0191 6448 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
23:56:08.0198 6448 SharedAccess - ok
23:56:08.0331 6448 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
23:56:08.0336 6448 ShellHWDetection - ok
23:56:08.0357 6448 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
23:56:08.0359 6448 sisagp - ok
23:56:08.0450 6448 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
23:56:08.0452 6448 SiSRaid2 - ok
23:56:08.0585 6448 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:56:08.0587 6448 SiSRaid4 - ok
23:56:08.0837 6448 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
23:56:13.0917 6448 SkypeUpdate - ok
23:56:17.0973 6448 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
23:56:17.0998 6448 slsvc - ok
23:56:18.0270 6448 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
23:56:18.0295 6448 SLUINotify - ok
23:56:18.0668 6448 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
23:56:18.0675 6448 Smb - ok
23:56:18.0729 6448 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:56:18.0741 6448 SNMPTRAP - ok
23:56:18.0818 6448 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:56:18.0825 6448 spldr - ok
23:56:19.0097 6448 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
23:56:19.0102 6448 Spooler - ok
23:56:19.0194 6448 sprtsvc_dellsupportcenter - ok
23:56:19.0282 6448 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
23:56:19.0526 6448 srv - ok
23:56:19.0712 6448 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
23:56:19.0715 6448 srv2 - ok
23:56:19.0851 6448 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
23:56:19.0898 6448 srvnet - ok
23:56:19.0967 6448 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:56:19.0975 6448 SSDPSRV - ok
23:56:20.0168 6448 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:56:20.0177 6448 SstpSvc - ok
23:56:20.0242 6448 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
23:56:20.0252 6448 stisvc - ok
23:56:20.0516 6448 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:56:20.0607 6448 stllssvr - ok
23:56:20.0656 6448 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:56:20.0660 6448 swenum - ok
23:56:21.0032 6448 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
23:56:21.0046 6448 swprv - ok
23:56:21.0161 6448 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:56:21.0164 6448 Symc8xx - ok
23:56:21.0266 6448 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:56:21.0275 6448 Sym_hi - ok
23:56:21.0438 6448 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:56:21.0440 6448 Sym_u3 - ok
23:56:21.0682 6448 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
23:56:21.0691 6448 SysMain - ok
23:56:21.0774 6448 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:56:21.0785 6448 TabletInputService - ok
23:56:21.0876 6448 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
23:56:21.0886 6448 TapiSrv - ok
23:56:21.0931 6448 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:56:21.0939 6448 TBS - ok
23:56:22.0230 6448 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
23:56:22.0239 6448 Tcpip - ok
23:56:22.0256 6448 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
23:56:22.0267 6448 Tcpip6 - ok
23:56:22.0282 6448 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
23:56:22.0283 6448 tcpipreg - ok
23:56:22.0322 6448 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:56:22.0323 6448 TDPIPE - ok
23:56:22.0414 6448 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:56:22.0415 6448 TDTCP - ok
23:56:22.0477 6448 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
23:56:22.0480 6448 tdx - ok
23:56:22.0705 6448 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
23:56:22.0706 6448 TermDD - ok
23:56:22.0855 6448 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
23:56:22.0870 6448 TermService - ok
23:56:22.0983 6448 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
23:56:22.0989 6448 Themes - ok
23:56:23.0070 6448 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:56:23.0077 6448 THREADORDER - ok
23:56:23.0408 6448 tmcfw (3929c6784db38788d76a88d9c4043dee) C:\Windows\system32\DRIVERS\TM_CFW.sys
23:56:23.0483 6448 tmcfw - ok
23:56:23.0634 6448 Tmntsrv (d1a2c07d138bdf999dd292f2a7036592) C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
23:56:23.0638 6448 Tmntsrv - ok
23:56:23.0790 6448 TmPfw (a0393d932e8d408c06fab0ec0124e7d0) C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
23:56:23.0799 6448 TmPfw - ok
23:56:24.0346 6448 tmpreflt (0c89809f1df614bd42093a446b222a32) C:\Windows\system32\DRIVERS\tmpreflt.sys
23:56:24.0413 6448 tmpreflt - ok
23:56:24.0684 6448 tmproxy (636597ea77a6180406b95b07b078c35c) C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
23:56:24.0901 6448 tmproxy - ok
23:56:24.0961 6448 tmtdi (264ea39fdebd0b5e9d49d79923ed91ad) C:\Windows\system32\DRIVERS\tmtdi.sys
23:56:25.0004 6448 tmtdi - ok
23:56:25.0165 6448 tmxpflt (3d473e97ff805dab903aa66f08286c90) C:\Windows\system32\drivers\TmXPFlt.sys
23:56:25.0282 6448 tmxpflt - ok
23:56:25.0327 6448 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:56:25.0331 6448 TrkWks - ok
23:56:25.0612 6448 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
23:56:25.0617 6448 TrustedInstaller - ok
23:56:25.0669 6448 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:56:25.0671 6448 tssecsrv - ok
23:56:25.0878 6448 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:56:25.0881 6448 tunmp - ok
23:56:25.0990 6448 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
23:56:25.0991 6448 tunnel - ok
23:56:26.0016 6448 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:56:26.0018 6448 uagp35 - ok
23:56:26.0081 6448 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
23:56:26.0086 6448 udfs - ok
23:56:26.0236 6448 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:56:26.0245 6448 UI0Detect - ok
23:56:26.0275 6448 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
23:56:26.0277 6448 uliagpkx - ok
23:56:26.0523 6448 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:56:26.0585 6448 uliahci - ok
23:56:26.0624 6448 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:56:26.0627 6448 UlSata - ok
23:56:26.0803 6448 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:56:26.0836 6448 ulsata2 - ok
23:56:26.0913 6448 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:56:26.0915 6448 umbus - ok
23:56:26.0978 6448 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:56:26.0988 6448 upnphost - ok
23:56:27.0059 6448 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
23:56:27.0060 6448 USBAAPL - ok
23:56:27.0110 6448 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
23:56:27.0112 6448 usbaudio - ok
23:56:27.0134 6448 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:56:27.0137 6448 usbccgp - ok
23:56:27.0260 6448 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:56:27.0263 6448 usbcir - ok
23:56:27.0394 6448 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
23:56:27.0397 6448 usbehci - ok
23:56:27.0472 6448 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
23:56:27.0476 6448 usbhub - ok
23:56:27.0522 6448 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
23:56:27.0525 6448 usbohci - ok
23:56:27.0593 6448 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:56:27.0594 6448 usbprint - ok
23:56:27.0648 6448 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:56:27.0650 6448 usbscan - ok
23:56:27.0756 6448 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:56:27.0758 6448 USBSTOR - ok
23:56:27.0865 6448 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
23:56:27.0866 6448 usbuhci - ok
23:56:27.0934 6448 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:56:27.0937 6448 usbvideo - ok
23:56:27.0990 6448 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
23:56:27.0993 6448 UxSms - ok
23:56:28.0151 6448 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
23:56:28.0207 6448 vds - ok
23:56:28.0276 6448 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:56:28.0279 6448 vga - ok
23:56:28.0324 6448 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:56:28.0332 6448 VgaSave - ok
23:56:28.0380 6448 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
23:56:28.0382 6448 viaagp - ok
23:56:28.0679 6448 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:56:28.0681 6448 ViaC7 - ok
23:56:28.0714 6448 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
23:56:28.0716 6448 viaide - ok
23:56:28.0753 6448 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:56:28.0755 6448 volmgr - ok
23:56:28.0844 6448 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
23:56:28.0851 6448 volmgrx - ok
23:56:28.0921 6448 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
23:56:28.0926 6448 volsnap - ok
23:56:29.0565 6448 vsapint (50e1ea1dd3ea74919d7a1c5d6c9c0b56) C:\Windows\system32\DRIVERS\vsapint.sys
23:56:29.0700 6448 vsapint - ok
23:56:29.0772 6448 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:56:29.0776 6448 vsmraid - ok
23:56:29.0890 6448 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
23:56:29.0912 6448 VSS - ok
23:56:29.0977 6448 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
23:56:29.0982 6448 W32Time - ok
23:56:30.0035 6448 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:56:30.0037 6448 WacomPen - ok
23:56:30.0105 6448 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:56:30.0108 6448 Wanarp - ok
23:56:30.0113 6448 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:56:30.0114 6448 Wanarpv6 - ok
23:56:30.0155 6448 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
23:56:30.0172 6448 wcncsvc - ok
23:56:30.0199 6448 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:56:30.0205 6448 WcsPlugInService - ok
23:56:30.0295 6448 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:56:30.0315 6448 Wd - ok
23:56:30.0428 6448 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:56:30.0444 6448 Wdf01000 - ok
23:56:30.0482 6448 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:56:30.0490 6448 WdiServiceHost - ok
23:56:30.0495 6448 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:56:30.0503 6448 WdiSystemHost - ok
23:56:30.0551 6448 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
23:56:30.0556 6448 WebClient - ok
23:56:30.0627 6448 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
23:56:30.0736 6448 Wecsvc - ok
23:56:30.0777 6448 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
23:56:30.0806 6448 wercplsupport - ok
23:56:30.0847 6448 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
23:56:30.0852 6448 WerSvc - ok
23:56:30.0958 6448 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
23:56:30.0962 6448 WinDefend - ok
23:56:30.0972 6448 WinHttpAutoProxySvc - ok
23:56:31.0043 6448 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
23:56:31.0049 6448 Winmgmt - ok
23:56:31.0264 6448 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
23:56:31.0474 6448 WinRM - ok
23:56:31.0626 6448 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
23:56:31.0646 6448 Wlansvc - ok
23:56:31.0729 6448 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
23:56:31.0731 6448 WmiAcpi - ok
23:56:31.0799 6448 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
23:56:31.0807 6448 wmiApSrv - ok
23:56:31.0957 6448 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:56:31.0966 6448 WMPNetworkSvc - ok
23:56:31.0999 6448 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
23:56:32.0008 6448 WPCSvc - ok
23:56:32.0047 6448 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
23:56:32.0052 6448 WPDBusEnum - ok
23:56:32.0102 6448 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
23:56:32.0103 6448 WpdUsb - ok
23:56:32.0401 6448 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:56:32.0415 6448 WPFFontCache_v0400 - ok
23:56:32.0466 6448 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:56:32.0469 6448 ws2ifsl - ok
23:56:32.0512 6448 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
23:56:32.0516 6448 wscsvc - ok
23:56:32.0523 6448 WSearch - ok
23:56:32.0976 6448 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
23:56:33.0010 6448 wuauserv - ok
23:56:33.0146 6448 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:56:33.0149 6448 WUDFRd - ok
23:56:33.0216 6448 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
23:56:33.0222 6448 wudfsvc - ok
23:56:33.0280 6448 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:56:33.0709 6448 \Device\Harddisk0\DR0 - ok
23:56:33.0763 6448 Boot (0x1200) (267448419e94f13ff61660996d9a3425) \Device\Harddisk0\DR0\Partition0
23:56:33.0775 6448 \Device\Harddisk0\DR0\Partition0 - ok
23:56:33.0779 6448 Boot (0x1200) (c0c3b01ac605b1d88f0194a62a218cb5) \Device\Harddisk0\DR0\Partition1
23:56:33.0781 6448 \Device\Harddisk0\DR0\Partition1 - ok
23:56:33.0784 6448 ============================================================
23:56:33.0784 6448 Scan finished
23:56:33.0784 6448 ============================================================
23:56:33.0799 7280 Detected object count: 0
23:56:33.0799 7280 Actual detected object count: 0

Am running the rest of your recommendations - will post the Logs once finished.

#4 narenxp

Posted 30 May 2012 - 05:37 AM

:thumbup2:

#5 skolko

Posted 30 May 2012 - 02:12 PM

Ran all processes. The "Welcome to Nginx" is still there instead of the Google start page.

Rogue Killer LOG:

RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: carinkin pc [Admin rights]
Mode: HOSTSFix -- Date: 05/30/2012 15:06:36

¤¤¤ Bad processes: 4 ¤¤¤
[SUSP PATH] adawarebp.dll -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH] SmileboxTray.exe -- C:\Users\carinkin pc\AppData\Roaming\Smilebox\SmileboxTray.exe -> KILLED [TermProc]
[SUSP PATH] WeatherEye.exe -- C:\Users\carinkin pc\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe -> KILLED [TermProc]
[SUSP PATH] hujgjm1v.exe -- C:\Users\carinkin pc\Desktop\hujgjm1v.exe -> KILLED [TermProc]

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

*****************************************
Gmer LOG:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-30 15:05:05
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\00000076 Hitachi_ rev.V54O
Running: hujgjm1v.exe; Driver: C:\Users\CARINK~1\AppData\Local\Temp\pflcafow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x812D15A8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x812D15D2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x812D15BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x812D1594]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80C341A0 5 Bytes JMP 812D1598 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 80DF02F0 5 Bytes JMP 812D15D6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 80E31AFE 7 Bytes JMP 812D15AC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 80E32155 5 Bytes JMP 812D15C2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90403340, 0x39C507, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[760] ntdll.dll!NtCreateFile 77BC7C78 5 Bytes JMP 00130FE5
.text C:\Windows\system32\services.exe[760] ntdll.dll!NtCreateProcess 77BC7D38 5 Bytes JMP 00130FD4
.text C:\Windows\system32\services.exe[760] ntdll.dll!NtProtectVirtualMemory 77BC85D8 5 Bytes JMP 0013000A
.text C:\Windows\system32\services.exe[760] kernel32.dll!GetStartupInfoW 77CD1929 5 Bytes JMP 00180090
.text C:\Windows\system32\services.exe[760] kernel32.dll!GetStartupInfoA 77CD19C9 5 Bytes JMP 00180F54
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateProcessW 77CD1C01 5 Bytes JMP 00180F1B
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateProcessA 77CD1C36 5 Bytes JMP 001800BC
.text C:\Windows\system32\services.exe[760] kernel32.dll!VirtualProtect 77CD1DD1 5 Bytes JMP 00180F79
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateNamedPipeW 77CD5C44 5 Bytes JMP 00180025
.text C:\Windows\system32\services.exe[760] kernel32.dll!LoadLibraryExW 77CF374A 5 Bytes JMP 00180F94
.text C:\Windows\system32\services.exe[760] kernel32.dll!LoadLibraryW 77CF382D 5 Bytes JMP 00180FAF
.text C:\Windows\system32\services.exe[760] kernel32.dll!VirtualProtectEx 77CF8F5E 5 Bytes JMP 0018006E
.text C:\Windows\system32\services.exe[760] kernel32.dll!LoadLibraryExA 77CF9649 5 Bytes JMP 00180051
.text C:\Windows\system32\services.exe[760] kernel32.dll!LoadLibraryA 77CF9671 5 Bytes JMP 00180036
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreatePipe 77D00474 5 Bytes JMP 0018007F
.text C:\Windows\system32\services.exe[760] kernel32.dll!GetProcAddress 77D1BAC6 5 Bytes JMP 00180F00
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateFileW 77D1CE4E 5 Bytes JMP 00180FDE
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateFileA 77D1D171 5 Bytes JMP 00180FEF
.text C:\Windows\system32\services.exe[760] kernel32.dll!CreateNamedPipeA 77D6462E 5 Bytes JMP 00180014
.text C:\Windows\system32\services.exe[760] kernel32.dll!WinExec 77D6580B 5 Bytes JMP 001800AB
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExA 7656B5E7 5 Bytes JMP 00190F8A
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyA 7656B8AE 5 Bytes JMP 0019002C
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyA 76570BF5 5 Bytes JMP 0019000A
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyW 7657B83D 5 Bytes JMP 00190FA5
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegCreateKeyExW 7657BCE1 5 Bytes JMP 00190051
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExA 7657D4E8 5 Bytes JMP 0019001B
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyW 76583CB0 5 Bytes JMP 00190FEF
.text C:\Windows\system32\services.exe[760] ADVAPI32.dll!RegOpenKeyExW 7658F09D 5 Bytes JMP 00190FCA
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_wsystem 77508A47 5 Bytes JMP 001A0FA1
.text C:\Windows\system32\services.exe[760] msvcrt.dll!system 77508B63 5 Bytes JMP 001A002C
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_creat 7750C6F1 5 Bytes JMP 001A001B
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_open 7750DA7E 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_wcreat 7750DC9E 5 Bytes JMP 001A0FC6
.text C:\Windows\system32\services.exe[760] msvcrt.dll!_wopen 7750DE79 5 Bytes JMP 001A0000
.text C:\Windows\system32\services.exe[760] WS2_32.dll!socket 77CA36D1 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtCreateFile 77BC7C78 5 Bytes JMP 00190000
.text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtCreateProcess 77BC7D38 5 Bytes JMP 00190011
.text C:\Windows\system32\lsass.exe[772] ntdll.dll!NtProtectVirtualMemory 77BC85D8 5 Bytes JMP 00190FE5
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!GetStartupInfoW 77CD1929 5 Bytes JMP 001A0F5C
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!GetStartupInfoA 77CD19C9 5 Bytes JMP 001A0098
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateProcessW 77CD1C01 5 Bytes JMP 001A0F1F
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateProcessA 77CD1C36 5 Bytes JMP 001A0F30
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!VirtualProtect 77CD1DD1 5 Bytes JMP 001A005B
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeW 77CD5C44 5 Bytes JMP 001A0036
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!LoadLibraryExW 77CF374A 5 Bytes JMP 001A0F81
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!LoadLibraryW 77CF382D 5 Bytes JMP 001A0FB9
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!VirtualProtectEx 77CF8F5E 5 Bytes JMP 001A006C
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!LoadLibraryExA 77CF9649 5 Bytes JMP 001A0F9E
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!LoadLibraryA 77CF9671 5 Bytes JMP 001A0FD4
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreatePipe 77D00474 5 Bytes JMP 001A0087
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!GetProcAddress 77D1BAC6 5 Bytes JMP 001A0F0E
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateFileW 77D1CE4E 5 Bytes JMP 001A001B
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateFileA 77D1D171 5 Bytes JMP 001A0000
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!CreateNamedPipeA 77D6462E 5 Bytes JMP 001A0FE5
.text C:\Windows\system32\lsass.exe[772] kernel32.dll!WinExec 77D6580B 5 Bytes JMP 001A0F4B
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExA 7656B5E7 5 Bytes JMP 001B0F9E
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyA 7656B8AE 5 Bytes JMP 001B0040
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyA 76570BF5 5 Bytes JMP 001B0000
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyW 7657B83D 5 Bytes JMP 001B0FB9
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegCreateKeyExW 7657BCE1 5 Bytes JMP 001B0F8D
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExA 7657D4E8 5 Bytes JMP 001B0FD4
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyW 76583CB0 5 Bytes JMP 001B0FE5
.text C:\Windows\system32\lsass.exe[772] ADVAPI32.dll!RegOpenKeyExW 7658F09D 5 Bytes JMP 001B0025
.text C:\Windows\system32\lsass.exe[772] msvcrt.dll!_wsystem 77508A47 5 Bytes JMP 008B0025
.text C:\Windows\system32\lsass.exe[772] msvcrt.dll!system 77508B63 5 Bytes JMP 008B0F9A
.text C:\Windows\system32\lsass.exe[772] msvcrt.dll!_creat 7750C6F1 5 Bytes JMP 008B0FC6
.text C:\Windows\system32\lsass.exe[772] msvcrt.dll!_open 7750DA7E 5 Bytes JMP 008B0000
.text C:\Windows\system32\lsass.exe[772] msvcrt.dll!_wcreat 7750DC9E 5 Bytes JMP 008B0FAB
.text C:\Windows\system32\lsass.exe[772] msvcrt.dll!_wopen 7750DE79 5 Bytes JMP 008B0FE3
.text C:\Windows\system32\lsass.exe[772] WS2_32.dll!socket 77CA36D1 5 Bytes JMP 008C000A
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtCreateFile 77BC7C78 5 Bytes JMP 0060000A
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 77BC7D38 5 Bytes JMP 00600FDB
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtProtectVirtualMemory 77BC85D8 5 Bytes JMP 0060001B
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 77CD1929 5 Bytes JMP 00610F54
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 77CD19C9 5 Bytes JMP 00610F65
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateProcessW 77CD1C01 5 Bytes JMP 006100C6
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateProcessA 77CD1C36 5 Bytes JMP 006100B5
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!VirtualProtect 77CD1DD1 5 Bytes JMP 0061006E
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 77CD5C44 5 Bytes JMP 00610025
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 77CF374A 5 Bytes JMP 0061005D
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 77CF382D 5 Bytes JMP 00610FAF
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 77CF8F5E 5 Bytes JMP 0061007F
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 77CF9649 5 Bytes JMP 00610F94
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 77CF9671 5 Bytes JMP 00610036
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreatePipe 77D00474 5 Bytes JMP 00610090
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetProcAddress 77D1BAC6 5 Bytes JMP 006100D7
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateFileW 77D1CE4E 5 Bytes JMP 00610FE5
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateFileA 77D1D171 5 Bytes JMP 00610000
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 77D6462E 5 Bytes JMP 00610FD4
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!WinExec 77D6580B 5 Bytes JMP 00610F39
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_wsystem 77508A47 5 Bytes JMP 00740047
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!system 77508B63 5 Bytes JMP 00740036
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_creat 7750C6F1 5 Bytes JMP 00740011
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_open 7750DA7E 5 Bytes JMP 00740000
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_wcreat 7750DC9E 5 Bytes JMP 00740FC6
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_wopen 7750DE79 5 Bytes JMP 00740FD7
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 7656B5E7 5 Bytes JMP 0062006F
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 7656B8AE 5 Bytes JMP 00620039
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 76570BF5 5 Bytes JMP 00620FEF
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 7657B83D 5 Bytes JMP 0062005E
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 7657BCE1 5 Bytes JMP 00620080
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 7657D4E8 5 Bytes JMP 00620FDE
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 76583CB0 5 Bytes JMP 00620014
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 7658F09D 5 Bytes JMP 00620FCD
.text C:\Windows\system32\svchost.exe[944] WS2_32.dll!socket 77CA36D1 5 Bytes JMP 00750000
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtCreateFile 77BC7C78 5 Bytes JMP 007A0FE5
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtCreateProcess 77BC7D38 5 Bytes JMP 007A0000
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtProtectVirtualMemory 77BC85D8 5 Bytes JMP 007A0FCA
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 77CD1929 5 Bytes JMP 007F00A2
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 77CD19C9 5 Bytes JMP 007F0F52
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 77CD1C01 5 Bytes JMP 007F0F0B
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 77CD1C36 5 Bytes JMP 007F0F1C
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!VirtualProtect 77CD1DD1 5 Bytes JMP 007F0F88
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 77CD5C44 5 Bytes JMP 007F002C
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 77CF374A 5 Bytes JMP 007F0062
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryW 77CF382D 5 Bytes JMP 007F0FC0
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 77CF8F5E 5 Bytes JMP 007F007D
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 77CF9649 5 Bytes JMP 007F0FA5
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!LoadLibraryA 77CF9671 5 Bytes JMP 007F0047
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreatePipe 77D00474 5 Bytes JMP 007F0F6D
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!GetProcAddress 77D1BAC6 5 Bytes JMP 007F0EF0
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateFileW 77D1CE4E 5 Bytes JMP 007F0011
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateFileA 77D1D171 5 Bytes JMP 007F0000
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 77D6462E 5 Bytes JMP 007F0FDB
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!WinExec 77D6580B 5 Bytes JMP 007F0F37
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_wsystem 77508A47 5 Bytes JMP 00A7004C
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!system 77508B63 5 Bytes JMP 00A70031
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_creat 7750C6F1 5 Bytes JMP 00A70FC1
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_open 7750DA7E 5 Bytes JMP 00A70FE3
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_wcreat 7750DC9E 5 Bytes JMP 00A70020
.text C:\Windows\system32\svchost.exe[1040] msvcrt.dll!_wopen 7750DE79 5 Bytes JMP 00A70FD2
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 7656B5E7 5 Bytes JMP 00A60065
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 7656B8AE 5 Bytes JMP 00A6004A
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 76570BF5 5 Bytes JMP 00A60000
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 7657B83D 5 Bytes JMP 00A60FC3
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 7657BCE1 5 Bytes JMP 00A60080
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 7657D4E8 5 Bytes JMP 00A60FE5
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 76583CB0 5 Bytes JMP 00A60025
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 7658F09D 5 Bytes JMP 00A60FD4
.text C:\Windows\system32\svchost.exe[1040] WS2_32.dll!socket 77CA36D1 5 Bytes JMP 00A80FE5
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!NtCreateFile 77BC7C78 5 Bytes JMP 00130FEF
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!NtCreateProcess 77BC7D38 5 Bytes JMP 00130FCD
.text C:\Windows\System32\svchost.exe[1104] ntdll.dll!NtProtectVirtualMemory 77BC85D8 5 Bytes JMP 00130FDE
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 77CD1929 5 Bytes JMP 00160070
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 77CD19C9 5 Bytes JMP 0016005F
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateProcessW 77CD1C01 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateProcessW 77CD1C01 5 Bytes JMP 00160F05
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateProcessA 77CD1C36 5 Bytes JMP 0016009C
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!VirtualProtect 77CD1DD1 5 Bytes JMP 00160F59
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 77CD5C44 5 Bytes JMP 00160011
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 77CF374A 5 Bytes JMP 00160F74
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryW 77CF382D 5 Bytes JMP 0016003D
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 77CF8F5E 5 Bytes JMP 0016004E
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 77CF9649 5 Bytes JMP 00160F9B
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryA 77CF9671 5 Bytes JMP 0016002C
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreatePipe 77D00474 5 Bytes JMP 00160F34
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetProcAddress 77D1BAC6 5 Bytes JMP 001600B7
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateFileW 77D1CE4E 5 Bytes JMP 00160000
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateFileA 77D1D171 5 Bytes JMP 00160FE5
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 77D6462E 5 Bytes JMP 00160FC0
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!WinExec 77D6580B 5 Bytes JMP 00160081
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_wsystem 77508A47 5 Bytes JMP 00180027
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!system 77508B63 5 Bytes JMP 00180F9C
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_creat 7750C6F1 5 Bytes JMP 00180FD2
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_open 7750DA7E 5 Bytes JMP 00180FEF
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_wcreat 7750DC9E 5 Bytes JMP 00180FB7
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_wopen 7750DE79 5 Bytes JMP 0018000C
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 7656B5E7 5 Bytes JMP 00170040
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 7656B8AE 5 Bytes JMP 00170F9E
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 76570BF5 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 7657B83D 5 Bytes JMP 0017002F
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 7657BCE1 5 Bytes JMP 00170051
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 7657D4E8 5 Bytes JMP 00170FC3
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 76583CB0 5 Bytes JMP 00170FDE
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 7658F09D 5 Bytes JMP 00170014
.text C:\Windows\System32\svchost.exe[1104] WS2_32.dll!socket 77CA36D1 5 Bytes JMP 002A0FEF
.text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtCreateFile 77BC7C78 5 Bytes JMP 00770FEF
.text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtCreateProcess 77BC7D38 5 Bytes JMP 00770FAF
.text C:\Windows\System32\svchost.exe[1132] ntdll.dll!NtProtectVirtualMemory 77BC85D8 5 Bytes JMP 00770FD4
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 77CD1929 5 Bytes JMP 00780F32
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 77CD19C9 5 Bytes JMP 00780078
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 77CD1C01 5 Bytes JMP 007800AE
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 77CD1C36 5 Bytes JMP 00780F17
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtect 77CD1DD1 5 Bytes JMP 00780F83
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 77CD5C44 5 Bytes JMP 00780FEF
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 77CF374A 5 Bytes JMP 00780F94
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryW 77CF382D 5 Bytes JMP 00780FC0
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 77CF8F5E 5 Bytes JMP 00780F68
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 77CF9649 5 Bytes JMP 00780FAF
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryA 77CF9671 5 Bytes JMP 00780051
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreatePipe 77D00474 5 Bytes JMP 00780F57
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetProcAddress 77D1BAC6 5 Bytes JMP 00780EF2
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileW 77D1CE4E 5 Bytes JMP 00780025
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileA 77D1D171 5 Bytes JMP 00780000
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 77D6462E 5 Bytes JMP 00780036
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!WinExec 77D6580B 5 Bytes JMP 00780089
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wsystem 77508A47 5 Bytes JMP 00790FB7
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!system 77508B63 5 Bytes JMP 00790FC8
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_creat 7750C6F1 5 Bytes JMP 00790027
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_open 7750DA7E 5 Bytes JMP 00790FEF
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wcreat 7750DC9E 5 Bytes JMP 00790042
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wopen 7750DE79 5 Bytes JMP 0079000C
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 7656B5E7 5 Bytes JMP 00760047
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 7656B8AE 5 Bytes JMP 00760025
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 76570BF5 5 Bytes JMP 00760FEF
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 7657B83D 5 Bytes JMP 00760036
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 7657BCE1 5 Bytes JMP 00760F8A
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 7657D4E8 5 Bytes JMP 00760FD4
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 76583CB0 5 Bytes JMP 0076000A
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 7658F09D 5 Bytes JMP 00760FC3
.text C:\Windows\System32\svchost.exe[1132] WS2_32.dll!socket 77CA36D1 5 Bytes JMP 007E0000
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateFile 77BC7C78 5 Bytes JMP 00960FE5
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtCreateProcess 77BC7D38 5 Bytes JMP 00960FD4
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtProtectVirtualMemory 77BC85D8 5 Bytes JMP 0096000A
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoW 77CD1929 5 Bytes JMP 00A70078
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetStartupInfoA 77CD19C9 5 Bytes JMP 00A70F32
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateProcessW 77CD1C01 5 Bytes JMP 00A700AE
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateProcessA 77CD1C36 5 Bytes JMP 00A70093
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!VirtualProtect 77CD1DD1 5 Bytes JMP 00A70053
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeW 77CD5C44 5 Bytes JMP 00A70FB9
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 77CF374A 5 Bytes JMP 00A70F79
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryW 77CF382D 5 Bytes JMP 00A70F94
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!VirtualProtectEx 77CF8F5E 5 Bytes JMP 00A70F5E
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryExA 77CF9649 5 Bytes JMP 00A70036
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!LoadLibraryA 77CF9671 5 Bytes JMP 00A70025
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreatePipe 77D00474 5 Bytes JMP 00A70F43
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!GetProcAddress 77D1BAC6 5 Bytes JMP 00A70EFC
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateFileW 77D1CE4E 5 Bytes JMP 00A7000A
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateFileA 77D1D171 5 Bytes JMP 00A70FEF
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!CreateNamedPipeA 77D6462E 5 Bytes JMP 00A70FCA
.text C:\Windows\System32\svchost.exe[1168] kernel32.dll!WinExec 77D6580B 5 Bytes JMP 00A70F17
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wsystem 77508A47 5 Bytes JMP 00E10FA3
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!system 77508B63 5 Bytes JMP 00E1002E
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_creat 7750C6F1 5 Bytes JMP 00E10FC8
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_open 7750DA7E 5 Bytes JMP 00E10000
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wcreat 7750DC9E 5 Bytes JMP 00E1001D
.text C:\Windows\System32\svchost.exe[1168] msvcrt.dll!_wopen 7750DE79 5 Bytes JMP 00E10FE3
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExA 7656B5E7 5 Bytes JMP 00950F94
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyA 7656B8AE 5 Bytes JMP 00950FB6
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyA 76570BF5 5 Bytes JMP 0095000A
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyW 7657B83D 5 Bytes JMP 00950FA5
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegCreateKeyExW 7657BCE1 5 Bytes JMP 00950F79
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExA 7657D4E8 5 Bytes JMP 00950FDB
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyW 76583CB0 5 Bytes JMP 0095001B
.text C:\Windows\System32\svchost.exe[1168] ADVAPI32.dll!RegOpenKeyExW 7658F09D 5 Bytes JMP 0095002C
.text C:\Windows\System32\svchost.exe[1168] WS2_32.dll!socket 77CA36D1 5 Bytes JMP 00E20FEF
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtCreateFile 77BC7C78 5 Bytes JMP 009E0000
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtCreateProcess 77BC7D38 5 Bytes JMP 009E0FCA
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtProtectVirtualMemory 77BC85D8 5 Bytes JMP 009E0FDB
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetStartupInfoW 77CD1929 5 Bytes JMP 009F00AE
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetStartupInfoA 77CD19C9 5 Bytes JMP 009F009D
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessW 77CD1C01 5 Bytes JMP 009F00F5
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateProcessA 77CD1C36 5 Bytes JMP 009F00DA
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!VirtualProtect 77CD1DD1 5 Bytes JMP 009F0F7C
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateNamedPipeW 77CD5C44 5 Bytes JMP 009F001B
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExW 77CF374A 5 Bytes JMP 009F0F8D
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryW 77CF382D 5 Bytes JMP 009F0040
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 77CF8F5E 5 Bytes JMP 009F0071
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryExA 77CF9649 5 Bytes JMP 009F0F9E
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!LoadLibraryA 77CF9671 5 Bytes JMP 009F0FB9
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreatePipe 77D00474 5 Bytes JMP 009F0082
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!GetProcAddress 77D1BAC6 5 Bytes JMP 009F0106
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateFileW 77D1CE4E 5 Bytes JMP 009F0FE5
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateFileA 77D1D171 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!CreateNamedPipeA 77D6462E 5 Bytes JMP 009F0FCA
.text C:\Windows\system32\svchost.exe[1184] kernel32.dll!WinExec 77D6580B 5 Bytes JMP 009F00BF
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_wsystem 77508A47 5 Bytes JMP 00A40022
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!system 77508B63 5 Bytes JMP 00A40FA1
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_creat 7750C6F1 5 Bytes JMP 00A40011
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_open 7750DA7E 5 Bytes JMP 00A40FE3
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_wcreat 7750DC9E 5 Bytes JMP 00A40FB2
.text C:\Windows\system32\svchost.exe[1184] msvcrt.dll!_wopen 7750DE79 5 Bytes JMP 00A40000
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExA 7656B5E7 5 Bytes JMP 007F0F97
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyA 7656B8AE 5 Bytes JMP 007F0FB9
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyA 76570BF5 5 Bytes JMP 007F000A
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyW 7657B83D 5 Bytes JMP 007F0FA8
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExW 7657BCE1 5 Bytes JMP 007F0054
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExA 7657D4E8 5 Bytes JMP 007F0FD4
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyW 76583CB0 5 Bytes JMP 007F0FEF
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExW 7658F09D 5 Bytes JMP 007F0025
.text C:\Windows\system32\svchost.exe[1184] WS2_32.dll!socket 77CA36D1 5 Bytes JMP 00DE000A
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtCreateFile 77BC7C78 5 Bytes JMP 001E0000
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtCreateProcess 77BC7D38 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 77BC85D8 5 Bytes JMP 001E001B
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 77CD1929 5 Bytes JMP 001F0091
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 77CD19C9 5 Bytes JMP 001F006C
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 77CD1C01 5 Bytes JMP 001F00B3
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 77CD1C36 5 Bytes JMP 001F00A2
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 77CD1DD1 5 Bytes JMP 001F0F5C
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 77CD5C44 5 Bytes JMP 001F000A
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 77CF374A 5 Bytes JMP 001F0F6D
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 77CF382D 5 Bytes JMP 001F0036
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 77CF8F5E 5 Bytes JMP 001F0F4B
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 77CF9649 5 Bytes JMP 001F0F94
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 77CF9671 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreatePipe 77D00474 5 Bytes JMP 001F005B
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 77D1BAC6 5 Bytes JMP 001F0F01
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileW 77D1CE4E 5 Bytes JMP 001F0FDE
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateFileA 77D1D171 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 77D6462E 5 Bytes JMP 001F0FB9
.text C:\Windows\system32\svchost.exe[1396] kernel32.dll!WinExec 77D6580B 5 Bytes JMP 001F0F30
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_wsystem 77508A47 5 Bytes JMP 00200022
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!system 77508B63 5 Bytes JMP 00200011
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_creat 7750C6F1 5 Bytes JMP 00200FC6
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_open 7750DA7E 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_wcreat 7750DC9E 5 Bytes JMP 00200FAB
.text C:\Windows\system32\svchost.exe[1396] msvcrt.dll!_wopen 7750DE79 5 Bytes JMP 00200000
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 7656B5E7 5 Bytes JMP 001D0080
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 7656B8AE 5 Bytes JMP 001D004A
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 76570BF5 5 Bytes JMP 001D000A
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 7657B83D 5 Bytes JMP 001D0065
.text C:\Windows\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 7657BCE1 5 Bytes JMP 001D0FC3
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4812] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61119218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4812] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61118C27] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\carinkin pc\AppData\Local\Mozilla\Firefox\Profiles\56e759i1.default\Cache\5\92\239ACd01 12939 bytes
File C:\Users\carinkin pc\AppData\Local\Mozilla\Firefox\Profiles\56e759i1.default\Cache\5\F5\BE0F1d01 12939 bytes

---- EOF - GMER 1.0.15 ----
*******************************************************************

aswMBR LOG:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-29 23:57:35
-----------------------------
23:57:35.751 OS Version: Windows 6.0.6001 Service Pack 1
23:57:35.751 Number of processors: 4 586 0xF0B
23:57:35.752 ComputerName: CARINKINPC-PC UserName: carinkin pc
23:58:57.666 Initialize success
00:00:26.782 AVAST engine defs: 12052800
00:00:46.028 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000075
00:00:46.032 Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 6
00:00:46.177 Disk 0 MBR read error 0
00:00:46.185 Disk 0 MBR scan
00:00:46.282 Disk 0 unknown MBR code
00:00:46.286 MBR BIOS signature not found 0
00:00:46.289 Disk 0 scanning sectors +625139712
00:00:46.372 Disk 0 scanning C:\Windows\system32\drivers
00:01:12.457 Service scanning
00:02:24.519 Modules scanning
00:03:09.071 Disk 0 trace - called modules:
00:03:09.111 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
00:03:09.115 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8740dac8]
00:03:09.460 3 CLASSPNP.SYS[8079f745] -> nt!IofCallDriver -> [0x8637fa88]
00:03:09.466 5 acpi.sys[8069a6a0] -> nt!IofCallDriver -> \Device\00000075[0x86390c90]
00:03:11.893 AVAST engine scan C:\Windows
00:03:18.435 AVAST engine scan C:\Windows\system32
00:21:03.987 AVAST engine scan C:\Windows\system32\drivers
00:22:29.558 AVAST engine scan C:\Users\carinkin pc
04:22:17.014 AVAST engine scan C:\ProgramData
04:59:26.209 Scan finished successfully
07:57:19.204 Disk 0 MBR has been saved successfully to "C:\Users\carinkin pc\Desktop\MBR.dat"
07:57:19.219 The log file has been saved successfully to "C:\Users\carinkin pc\Desktop\aswMBR.txt"

#6 narenxp


Posted 30 May 2012 - 03:18 PM

Ran all processes. The "Welcome to Nginx" still there instead of the Google start page.

Do you still have that?

#7 skolko


Posted 30 May 2012 - 03:19 PM

Yes

#8 narenxp


Posted 30 May 2012 - 03:20 PM

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Edited by narenxp, 30 May 2012 - 03:21 PM.


#9 skolko


Posted 30 May 2012 - 07:24 PM

Ran ESET Online Scanner. No threats detected. For some reason, cannot find a LOG.

Ran mini toolbox. Here are the results:

MiniToolBox by Farbar Version: 14-01-2012
Ran by carinkin pc (administrator) on 30-05-2012 at 20:09:07
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

D-Link Wireless N USB Adapter DWA-130 = Wireless Network Connection 4 (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : carinkinpc-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : phub.net.cable.rogers.com

Wireless LAN adapter Wireless Network Connection 4:

Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : D-Link Wireless N USB Adapter DWA-130 #3
Physical Address. . . . . . . . . : 00-1B-11-F3-53-72
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7d56:729e:c5e9:c79f%21(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : May-30-12 8:03:16 PM
Lease Expires . . . . . . . . . . : May-31-12 8:03:16 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 64.71.255.198
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1E-C9-2E-C4-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:cfe:239d:3f57:fe95(Preferred)
Link-local IPv6 Address . . . . . : fe80::cfe:239d:3f57:fe95%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 85:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.phub.net.cable.rogers.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 86:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{877FDD01-E0BB-4F19-9DAA-6E73F4152ACD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 87:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{FD71E861-F5CB-4A78-AE40-4D3CA7BA2A0C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 91:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.phub.net.cable.rogers.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 93:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.phub.net.cable.rogers.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 95:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #29
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 100:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{877FDD01-E0BB-4F19-9DAA-6E73F4152ACD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 101:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{877FDD01-E0BB-4F19-9DAA-6E73F4152ACD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 102:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #32
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: google.com
Addresses: 74.125.226.40
74.125.226.32
74.125.226.33
74.125.226.35
74.125.226.38
74.125.226.46
74.125.226.39
74.125.226.36
74.125.226.34
74.125.226.37
74.125.226.41



Pinging google.com [74.125.226.33] with 32 bytes of data:

Reply from 74.125.226.33: bytes=32 time=533ms TTL=56

Reply from 74.125.226.33: bytes=32 time=26ms TTL=56



Ping statistics for 74.125.226.33:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 26ms, Maximum = 533ms, Average = 279ms

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=144ms TTL=54

Reply from 209.191.122.70: bytes=32 time=46ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 144ms, Average = 95ms

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
21 ...00 1b 11 f3 53 72 ...... D-Link Wireless N USB Adapter DWA-130 #3
9 ...00 1e c9 2e c4 5d ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
20 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
92 ...00 00 00 00 00 00 00 e0 isatap.phub.net.cable.rogers.com
91 ...00 00 00 00 00 00 00 e0 isatap.{877FDD01-E0BB-4F19-9DAA-6E73F4152ACD}
96 ...00 00 00 00 00 00 00 e0 isatap.{FD71E861-F5CB-4A78-AE40-4D3CA7BA2A0C}
100 ...00 00 00 00 00 00 00 e0 isatap.phub.net.cable.rogers.com
98 ...00 00 00 00 00 00 00 e0 isatap.phub.net.cable.rogers.com
119 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #29
105 ...00 00 00 00 00 00 00 e0 isatap.{877FDD01-E0BB-4F19-9DAA-6E73F4152ACD}
106 ...00 00 00 00 00 00 00 e0 isatap.{877FDD01-E0BB-4F19-9DAA-6E73F4152ACD}
108 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #32
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.106 40
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.106 296
192.168.1.106 255.255.255.255 On-link 192.168.1.106 296
192.168.1.255 255.255.255.255 On-link 192.168.1.106 296
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.106 296
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.106 296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
8 18 ::/0 On-link
1 306 ::1/128 On-link
8 18 2001::/32 On-link
8 266 2001:0:4137:9e76:cfe:239d:3f57:fe95/128
On-link
21 296 fe80::/64 On-link
8 266 fe80::/64 On-link
8 266 fe80::cfe:239d:3f57:fe95/128
On-link
21 296 fe80::7d56:729e:c5e9:c79f/128
On-link
1 306 ff00::/8 On-link
8 266 ff00::/8 On-link
21 296 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/30/2012 08:00:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 110464

Error: (05/30/2012 08:00:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 110464

Error: (05/30/2012 08:00:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2012 08:00:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 109466

Error: (05/30/2012 08:00:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 109466

Error: (05/30/2012 08:00:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2012 08:00:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 108467

Error: (05/30/2012 08:00:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 108467

Error: (05/30/2012 08:00:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2012 08:00:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 107469


System errors:
=============
Error: (05/30/2012 01:03:02 PM) (Source: DCOM) (User: )
Description: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (05/30/2012 01:02:18 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (05/29/2012 11:44:48 PM) (Source: Service Control Manager) (User: )
Description: Lavasoft Ad-Aware Service1

Error: (05/29/2012 11:42:04 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{FD71E861-F5CB-4A78-AE40-4D3CA7BA2A0C}.
The backup browser is stopping.

Error: (05/29/2012 08:28:01 AM) (Source: DCOM) (User: )
Description: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (05/28/2012 03:01:59 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer OWNER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FD71E861-F5CB-4A78-AE40-4D3CA7BA2.
The master browser is stopping or an election is being forced.

Error: (05/28/2012 08:19:10 AM) (Source: DCOM) (User: )
Description: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (05/27/2012 10:00:48 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer OWNER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FD71E861-F5CB-4A78-AE40-4D3CA7BA2.
The master browser is stopping or an election is being forced.

Error: (05/27/2012 08:17:27 AM) (Source: DCOM) (User: )
Description: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding740{FFF2D28F-E4EE-44D9-8104-8E71556757F6}

Error: (05/27/2012 08:16:37 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================
Error: (07/13/2011 01:13:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/13/2011 01:12:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/13/2011 01:11:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Ad-Aware (Version: 9.6.0)
Ad-Aware Security Toolbar (Version: 0.9.1.8)
Adobe AIR (Version: 3.2.0.2070)
Adobe Digital Editions
Adobe Flash Player 10 ActiveX (Version: 10.3.181.14)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader 8.3.1 (Version: 8.3.1)
aiofw (Version: 2.03.0000.0000)
aioocr (Version: 1.00.0000)
aioprnt (Version: 2.02.0000.0000)
aioscnnr (Version: 2.02.0000.0000)
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Avery Wizard 3.1 (Version: 3.1.5)
Bonjour (Version: 2.0.4.0)
Browser Address Error Redirector (Version: 1.00.0000)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon MP Navigator EX 2.1
Canon MX320 series MP Drivers
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.0.0)
Canon Utilities EOS Sample Music (Version: 1.0.0.204)
Canon Utilities EOS Utility (Version: 2.10.0.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.9.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
center (Version: 2.02.0000.0000)
D-Link Wireless N USB Adapter DWA-130 (Version: 1.10b2)
Dell DataSafe Online (Version: 1.0.21)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Diablo II
ESET Online Scanner v3
Full Tilt Poker (Version: 4.26.4.WIN.FullTilt.COM)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.2.2.6613)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Hallmark Smilebox
Help_CTR (Version: 2.02.0000.000)
helptut (Version: 2.00.0000.0000)
helpug (Version: 2.02.0000.0000)
Heroes of Might and Magic IV (Version: 1.0)
IKEA Home Planner (Version: 1.9.7)
iTunes (Version: 9.0.2.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
KODAK All-in-One Printer Software
KODAK EASYSHARE Gallery Upload ActiveX Control
ksdip (Version: 2.00.0000.0000)
Lexmark 4300 Series
Marketmaker CFD-FX Canadian (Version: 1.0.0.0)
McAfee AntiVirus Plus (Version: 11.0.669)
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee Virtual Technician (Version: 5.5.2.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mouse Suite for Desktop Computers (Version: 2.50.025)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MTI 4
Music, Photos & Videos Launcher (Version: 1.00.0000)
netbrdg (Version: 6.03.0001.0002)
NOOK for PC (Version: 2.5.3.4630)
NVIDIA Drivers
NVIDIA Performance (Version: 1.00.0000)
NVIDIA System Monitor (Version: 1.00.0000)
PartyPoker (Version: 130)
Picasa 3 (Version: 3.8)
Poker Calculator Pro
PokerStars
PokerTracker 3 (remove only)
PostgreSQL 8.3 (Version: 8.3)
Product Documentation Launcher (Version: 1.00.0000)
Punch! Home Design - Platinum
QuickTime (Version: 7.65.17.80)
Realtek High Definition Audio Driver
Rogers Yahoo! Applications
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
Safari (Version: 5.33.21.1)
SFR (Version: 6.04.0000.0001)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.158)
Sonic Activation Module (Version: 1.0)
Tournament Shark
Trend Micro PC-cillin Internet Security (Version: 14.7)
TweetDeck (Version: 0.38.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
WeatherEye
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 3324.57 MB
Available physical RAM: 1977.04 MB
Total Pagefile: 6856.14 MB
Available Pagefile: 4500.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.06 MB

========================= Partitions: =====================================

2 Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:175.21 GB) NTFS
3 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.37 GB) NTFS
4 Drive e: (New) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\CARINKINPC-PC

Administrator carinkin pc Guest
postgres


**** End of log ****

#10 narenxp


Posted 30 May 2012 - 08:48 PM

Do you still have issues?

If yes, download

Hosts fix

Run it, restart the PC and let me know if it works



