Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't remove 2 Trojan.Agen.LTGen


  • Please log in to reply
6 replies to this topic

#1 AngelLopez

AngelLopez

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 31 May 2012 - 03:08 AM

Hello Everyone, I seemed to have this trojan that did not go away after I scanned my computer with malwarebytes and upon deletion. I rescanned my computer again after the reboot and somehow the 2 trojans were still there, I also notice Avast would pop saying some website was block when I didn't even go to a malicious site. They are called Trojan.Agen.LTGen and I also notice somehow it caused a system crash with Dr Watson on my XP Pro.

I'm not having problems yet, but Malware shows that these 2 trojans are still there after 2 scans (First scan I delted them both and it asked me to reboot, then I scan again after window's boots up and they show up again). Thanks, will check on the response this morning.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:38 PM

Posted 31 May 2012 - 07:28 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)


Please download GMER from here(doesnot work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

#3 AngelLopez

AngelLopez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 31 May 2012 - 02:29 PM

Thanks narenxp for the response, here are my logs:

09:55:45.0265 3976 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
09:55:45.0718 3976 ============================================================
09:55:45.0718 3976 Current date / time: 2012/05/31 09:55:45.0718
09:55:45.0718 3976 SystemInfo:
09:55:45.0718 3976
09:55:45.0718 3976 OS Version: 5.1.2600 ServicePack: 3.0
09:55:45.0718 3976 Product type: Workstation
09:55:45.0718 3976 ComputerName: UMBRELLACORP
09:55:45.0718 3976 UserName: Cloud Strife
09:55:45.0718 3976 Windows directory: C:\WINDOWS
09:55:45.0718 3976 System windows directory: C:\WINDOWS
09:55:45.0718 3976 Processor architecture: Intel x86
09:55:45.0718 3976 Number of processors: 2
09:55:45.0718 3976 Page size: 0x1000
09:55:45.0718 3976 Boot type: Normal boot
09:55:45.0718 3976 ============================================================
09:55:46.0203 3976 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
09:55:46.0218 3976 ============================================================
09:55:46.0218 3976 \Device\Harddisk0\DR0:
09:55:46.0218 3976 MBR partitions:
09:55:46.0218 3976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
09:55:46.0218 3976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x1869E559
09:55:46.0234 3976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FBCEA78, BlocksNum 0xC34F28D
09:55:46.0250 3976 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2BF1DD44, BlocksNum 0xC34F28D
09:55:46.0265 3976 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3826D010, BlocksNum 0x2113D70
09:55:46.0265 3976 ============================================================
09:55:46.0296 3976 D: <-> \Device\Harddisk0\DR0\Partition1
09:55:47.0531 3976 E: <-> \Device\Harddisk0\DR0\Partition2
09:55:47.0562 3976 C: <-> \Device\Harddisk0\DR0\Partition0
09:55:47.0625 3976 F: <-> \Device\Harddisk0\DR0\Partition3
09:55:47.0687 3976 I: <-> \Device\Harddisk0\DR0\Partition4
09:55:47.0687 3976 ============================================================
09:55:47.0687 3976 Initialize success
09:55:47.0687 3976 ============================================================
09:56:06.0109 4072 ============================================================
09:56:06.0109 4072 Scan started
09:56:06.0109 4072 Mode: Manual; TDLFS;
09:56:06.0109 4072 ============================================================
09:56:06.0250 4072 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
09:56:06.0250 4072 !SASCORE - ok
09:56:06.0343 4072 65015756 - ok
09:56:06.0359 4072 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
09:56:06.0359 4072 Aavmker4 - ok
09:56:06.0375 4072 Abiosdsk - ok
09:56:06.0375 4072 abp480n5 - ok
09:56:06.0437 4072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:56:06.0437 4072 ACPI - ok
09:56:06.0453 4072 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:56:06.0453 4072 ACPIEC - ok
09:56:06.0500 4072 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:56:06.0500 4072 AdobeFlashPlayerUpdateSvc - ok
09:56:06.0515 4072 adpu160m - ok
09:56:06.0531 4072 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:56:06.0546 4072 aec - ok
09:56:06.0562 4072 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:56:06.0562 4072 AFD - ok
09:56:06.0562 4072 Aha154x - ok
09:56:06.0578 4072 aic78u2 - ok
09:56:06.0578 4072 aic78xx - ok
09:56:06.0781 4072 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
09:56:06.0781 4072 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
09:56:06.0796 4072 Akamai ( HiddenFile.Multi.Generic ) - warning
09:56:06.0796 4072 Akamai - detected HiddenFile.Multi.Generic (1)
09:56:06.0859 4072 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:56:06.0859 4072 Alerter - ok
09:56:06.0875 4072 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:56:06.0875 4072 ALG - ok
09:56:06.0875 4072 AliIde - ok
09:56:06.0890 4072 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
09:56:06.0890 4072 AmdK8 - ok
09:56:06.0906 4072 amsint - ok
09:56:06.0937 4072 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:56:06.0937 4072 AppMgmt - ok
09:56:06.0953 4072 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:56:06.0953 4072 Arp1394 - ok
09:56:06.0953 4072 asc - ok
09:56:06.0953 4072 asc3350p - ok
09:56:06.0968 4072 asc3550 - ok
09:56:07.0046 4072 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:56:07.0062 4072 aspnet_state - ok
09:56:07.0078 4072 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
09:56:07.0078 4072 aswFsBlk - ok
09:56:07.0093 4072 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
09:56:07.0093 4072 aswMon2 - ok
09:56:07.0125 4072 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
09:56:07.0125 4072 aswRdr - ok
09:56:07.0171 4072 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
09:56:07.0171 4072 aswSnx - ok
09:56:07.0203 4072 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
09:56:07.0203 4072 aswSP - ok
09:56:07.0218 4072 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
09:56:07.0218 4072 aswTdi - ok
09:56:07.0234 4072 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:56:07.0234 4072 AsyncMac - ok
09:56:07.0250 4072 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:56:07.0250 4072 atapi - ok
09:56:07.0250 4072 Atdisk - ok
09:56:07.0265 4072 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:56:07.0265 4072 Atmarpc - ok
09:56:07.0281 4072 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:56:07.0281 4072 AudioSrv - ok
09:56:07.0296 4072 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:56:07.0296 4072 audstub - ok
09:56:07.0343 4072 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:56:07.0343 4072 avast! Antivirus - ok
09:56:07.0359 4072 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:56:07.0359 4072 Beep - ok
09:56:07.0406 4072 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:56:07.0406 4072 BITS - ok
09:56:07.0437 4072 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:56:07.0437 4072 Browser - ok
09:56:07.0437 4072 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:56:07.0437 4072 cbidf2k - ok
09:56:07.0437 4072 cd20xrnt - ok
09:56:07.0453 4072 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:56:07.0453 4072 Cdaudio - ok
09:56:07.0468 4072 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:56:07.0468 4072 Cdfs - ok
09:56:07.0468 4072 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:56:07.0468 4072 Cdrom - ok
09:56:07.0468 4072 Changer - ok
09:56:07.0500 4072 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:56:07.0500 4072 CiSvc - ok
09:56:07.0515 4072 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:56:07.0531 4072 ClipSrv - ok
09:56:07.0562 4072 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:56:07.0562 4072 clr_optimization_v2.0.50727_32 - ok
09:56:07.0609 4072 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:56:07.0609 4072 clr_optimization_v4.0.30319_32 - ok
09:56:07.0703 4072 cm102u32 (59e789cd92a1c8a5075f9bafd454a2e0) C:\WINDOWS\system32\drivers\c6501.sys
09:56:07.0718 4072 cm102u32 - ok
09:56:07.0718 4072 CmdIde - ok
09:56:07.0718 4072 COMSysApp - ok
09:56:07.0734 4072 Cpqarray - ok
09:56:07.0765 4072 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys
09:56:07.0765 4072 cpuz134 - ok
09:56:07.0781 4072 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
09:56:07.0781 4072 cpuz135 - ok
09:56:07.0796 4072 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
09:56:07.0796 4072 Creative Service for CDROM Access - ok
09:56:07.0812 4072 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:56:07.0812 4072 CryptSvc - ok
09:56:07.0828 4072 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
09:56:07.0828 4072 ctsfm2k - ok
09:56:07.0843 4072 dac2w2k - ok
09:56:07.0843 4072 dac960nt - ok
09:56:07.0875 4072 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:56:07.0890 4072 DcomLaunch - ok
09:56:07.0906 4072 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:56:07.0906 4072 Dhcp - ok
09:56:07.0906 4072 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:56:07.0906 4072 Disk - ok
09:56:07.0906 4072 dmadmin - ok
09:56:07.0968 4072 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:56:07.0968 4072 dmboot - ok
09:56:07.0968 4072 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:56:07.0984 4072 dmio - ok
09:56:07.0984 4072 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:56:07.0984 4072 dmload - ok
09:56:08.0000 4072 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:56:08.0000 4072 dmserver - ok
09:56:08.0015 4072 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:56:08.0015 4072 DMusic - ok
09:56:08.0046 4072 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:56:08.0046 4072 Dnscache - ok
09:56:08.0062 4072 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:56:08.0062 4072 Dot3svc - ok
09:56:08.0062 4072 dpti2o - ok
09:56:08.0078 4072 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:56:08.0078 4072 drmkaud - ok
09:56:08.0109 4072 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:56:08.0109 4072 EapHost - ok
09:56:08.0125 4072 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:56:08.0125 4072 ERSvc - ok
09:56:08.0140 4072 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:56:08.0156 4072 Eventlog - ok
09:56:08.0171 4072 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:56:08.0187 4072 EventSystem - ok
09:56:08.0203 4072 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:56:08.0203 4072 Fastfat - ok
09:56:08.0218 4072 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:56:08.0218 4072 FastUserSwitchingCompatibility - ok
09:56:08.0234 4072 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:56:08.0234 4072 Fdc - ok
09:56:08.0234 4072 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:56:08.0234 4072 Fips - ok
09:56:08.0250 4072 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:56:08.0250 4072 Flpydisk - ok
09:56:08.0265 4072 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:56:08.0265 4072 FltMgr - ok
09:56:08.0343 4072 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:56:08.0359 4072 FontCache3.0.0.0 - ok
09:56:08.0359 4072 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:56:08.0359 4072 Fs_Rec - ok
09:56:08.0375 4072 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:56:08.0375 4072 Ftdisk - ok
09:56:08.0375 4072 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:56:08.0375 4072 Gpc - ok
09:56:08.0437 4072 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:56:08.0437 4072 gusvc - ok
09:56:08.0468 4072 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:56:08.0468 4072 helpsvc - ok
09:56:08.0468 4072 HidServ - ok
09:56:08.0500 4072 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:56:08.0500 4072 HidUsb - ok
09:56:08.0531 4072 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:56:08.0531 4072 hkmsvc - ok
09:56:08.0531 4072 hpn - ok
09:56:08.0562 4072 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:56:08.0562 4072 HTTP - ok
09:56:08.0609 4072 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:56:08.0625 4072 HTTPFilter - ok
09:56:08.0625 4072 i2omgmt - ok
09:56:08.0625 4072 i2omp - ok
09:56:08.0640 4072 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:56:08.0640 4072 i8042prt - ok
09:56:08.0703 4072 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:56:08.0718 4072 idsvc - ok
09:56:08.0718 4072 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:56:08.0718 4072 Imapi - ok
09:56:08.0750 4072 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:56:08.0750 4072 ImapiService - ok
09:56:08.0750 4072 ini910u - ok
09:56:08.0765 4072 IntelIde - ok
09:56:08.0781 4072 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:56:08.0781 4072 Ip6Fw - ok
09:56:08.0796 4072 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:56:08.0796 4072 IpFilterDriver - ok
09:56:08.0812 4072 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:56:08.0812 4072 IpInIp - ok
09:56:08.0828 4072 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:56:08.0828 4072 IpNat - ok
09:56:08.0843 4072 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:56:08.0843 4072 IPSec - ok
09:56:08.0859 4072 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:56:08.0859 4072 IRENUM - ok
09:56:08.0859 4072 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:56:08.0859 4072 isapnp - ok
09:56:08.0921 4072 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
09:56:08.0921 4072 JavaQuickStarterService - ok
09:56:08.0937 4072 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:56:08.0937 4072 Kbdclass - ok
09:56:08.0953 4072 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:56:08.0953 4072 kmixer - ok
09:56:08.0968 4072 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:56:08.0968 4072 KSecDD - ok
09:56:08.0984 4072 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:56:09.0000 4072 lanmanserver - ok
09:56:09.0031 4072 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:56:09.0031 4072 lanmanworkstation - ok
09:56:09.0031 4072 lbrtfdc - ok
09:56:09.0093 4072 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:56:09.0093 4072 LightScribeService - ok
09:56:09.0093 4072 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:56:09.0093 4072 LmHosts - ok
09:56:09.0109 4072 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:56:09.0109 4072 Messenger - ok
09:56:09.0125 4072 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:56:09.0125 4072 mnmdd - ok
09:56:09.0156 4072 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:56:09.0156 4072 mnmsrvc - ok
09:56:09.0171 4072 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:56:09.0171 4072 Modem - ok
09:56:09.0171 4072 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:56:09.0171 4072 Mouclass - ok
09:56:09.0203 4072 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:56:09.0203 4072 mouhid - ok
09:56:09.0203 4072 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:56:09.0203 4072 MountMgr - ok
09:56:09.0203 4072 mraid35x - ok
09:56:09.0218 4072 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:56:09.0218 4072 MRxDAV - ok
09:56:09.0265 4072 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:56:09.0265 4072 MRxSmb - ok
09:56:09.0281 4072 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:56:09.0296 4072 MSDTC - ok
09:56:09.0296 4072 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:56:09.0296 4072 Msfs - ok
09:56:09.0312 4072 MSIServer - ok
09:56:09.0312 4072 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:56:09.0312 4072 MSKSSRV - ok
09:56:09.0328 4072 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:56:09.0328 4072 MSPCLOCK - ok
09:56:09.0328 4072 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:56:09.0328 4072 MSPQM - ok
09:56:09.0359 4072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:56:09.0359 4072 mssmbios - ok
09:56:09.0375 4072 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
09:56:09.0375 4072 MTsensor - ok
09:56:09.0390 4072 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:56:09.0390 4072 Mup - ok
09:56:09.0437 4072 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:56:09.0437 4072 napagent - ok
09:56:09.0468 4072 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:56:09.0468 4072 NDIS - ok
09:56:09.0468 4072 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:56:09.0468 4072 NdisTapi - ok
09:56:09.0484 4072 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:56:09.0484 4072 Ndisuio - ok
09:56:09.0500 4072 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:56:09.0500 4072 NdisWan - ok
09:56:09.0515 4072 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:56:09.0531 4072 NDProxy - ok
09:56:09.0531 4072 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:56:09.0531 4072 NetBIOS - ok
09:56:09.0546 4072 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:56:09.0546 4072 NetBT - ok
09:56:09.0578 4072 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:56:09.0578 4072 NetDDE - ok
09:56:09.0578 4072 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:56:09.0578 4072 NetDDEdsdm - ok
09:56:09.0593 4072 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:56:09.0593 4072 Netlogon - ok
09:56:09.0625 4072 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:56:09.0625 4072 Netman - ok
09:56:09.0718 4072 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:56:09.0718 4072 NetTcpPortSharing - ok
09:56:09.0718 4072 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:56:09.0718 4072 NIC1394 - ok
09:56:09.0750 4072 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:56:09.0750 4072 Nla - ok
09:56:09.0828 4072 NMIndexingService (dbb5f7b1a4f109cd7a1abd3ac7a10d39) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
09:56:09.0828 4072 NMIndexingService - ok
09:56:09.0828 4072 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:56:09.0828 4072 Npfs - ok
09:56:09.0859 4072 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:56:09.0859 4072 Ntfs - ok
09:56:09.0875 4072 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:56:09.0875 4072 NtLmSsp - ok
09:56:09.0906 4072 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:56:09.0906 4072 NtmsSvc - ok
09:56:09.0937 4072 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:56:09.0937 4072 Null - ok
09:56:10.0296 4072 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:56:10.0359 4072 nv - ok
09:56:10.0437 4072 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
09:56:10.0437 4072 nvata - ok
09:56:10.0453 4072 NVENETFD (97724affdd7a5a47c3bc07ccd1b88745) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:56:10.0453 4072 NVENETFD - ok
09:56:10.0484 4072 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
09:56:10.0484 4072 nvgts - ok
09:56:10.0500 4072 nvnetbus (82c2b3a89b9edfa6287c5aba1a4e6a99) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:56:10.0500 4072 nvnetbus - ok
09:56:10.0531 4072 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
09:56:10.0531 4072 NVSvc - ok
09:56:10.0703 4072 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:56:10.0718 4072 nvUpdatusService - ok
09:56:10.0796 4072 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:56:10.0796 4072 NwlnkFlt - ok
09:56:10.0796 4072 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:56:10.0796 4072 NwlnkFwd - ok
09:56:10.0828 4072 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:56:10.0828 4072 ohci1394 - ok
09:56:10.0859 4072 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
09:56:10.0859 4072 ossrv - ok
09:56:10.0921 4072 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
09:56:10.0937 4072 P17 - ok
09:56:10.0937 4072 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:56:10.0937 4072 Parport - ok
09:56:10.0953 4072 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:56:10.0953 4072 PartMgr - ok
09:56:10.0984 4072 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:56:10.0984 4072 ParVdm - ok
09:56:10.0984 4072 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:56:10.0984 4072 PCI - ok
09:56:11.0000 4072 PCIDump - ok
09:56:11.0015 4072 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:56:11.0015 4072 PCIIde - ok
09:56:11.0031 4072 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:56:11.0031 4072 Pcmcia - ok
09:56:11.0031 4072 PDCOMP - ok
09:56:11.0046 4072 PDFRAME - ok
09:56:11.0046 4072 PDRELI - ok
09:56:11.0046 4072 PDRFRAME - ok
09:56:11.0046 4072 perc2 - ok
09:56:11.0046 4072 perc2hib - ok
09:56:11.0078 4072 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:56:11.0093 4072 PlugPlay - ok
09:56:11.0109 4072 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:56:11.0125 4072 PolicyAgent - ok
09:56:11.0125 4072 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:56:11.0125 4072 PptpMiniport - ok
09:56:11.0140 4072 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:56:11.0140 4072 Processor - ok
09:56:11.0140 4072 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:56:11.0156 4072 ProtectedStorage - ok
09:56:11.0156 4072 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:56:11.0156 4072 PSched - ok
09:56:11.0187 4072 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:56:11.0187 4072 Ptilink - ok
09:56:11.0218 4072 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:56:11.0218 4072 PxHelp20 - ok
09:56:11.0218 4072 ql1080 - ok
09:56:11.0218 4072 Ql10wnt - ok
09:56:11.0218 4072 ql12160 - ok
09:56:11.0234 4072 ql1240 - ok
09:56:11.0234 4072 ql1280 - ok
09:56:11.0265 4072 qrkis (3b68696914e467bbe827d2552b5b85ef) C:\WINDOWS\system32\DRIVERS\qrkis.sys
09:56:11.0265 4072 qrkis - ok
09:56:11.0265 4072 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:56:11.0265 4072 RasAcd - ok
09:56:11.0296 4072 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:56:11.0296 4072 RasAuto - ok
09:56:11.0296 4072 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:56:11.0296 4072 Rasl2tp - ok
09:56:11.0328 4072 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:56:11.0343 4072 RasMan - ok
09:56:11.0343 4072 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:56:11.0343 4072 RasPppoe - ok
09:56:11.0343 4072 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:56:11.0343 4072 Raspti - ok
09:56:11.0359 4072 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:56:11.0359 4072 Rdbss - ok
09:56:11.0375 4072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:56:11.0375 4072 RDPCDD - ok
09:56:11.0390 4072 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:56:11.0390 4072 rdpdr - ok
09:56:11.0421 4072 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:56:11.0421 4072 RDPWD - ok
09:56:11.0453 4072 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:56:11.0453 4072 RDSessMgr - ok
09:56:11.0468 4072 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:56:11.0468 4072 redbook - ok
09:56:11.0484 4072 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:56:11.0484 4072 RemoteAccess - ok
09:56:11.0500 4072 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:56:11.0515 4072 RemoteRegistry - ok
09:56:11.0531 4072 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
09:56:11.0531 4072 RimUsb - ok
09:56:11.0546 4072 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:56:11.0546 4072 RimVSerPort - ok
09:56:11.0546 4072 rjdgbwij - ok
09:56:11.0578 4072 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:56:11.0578 4072 ROOTMODEM - ok
09:56:11.0593 4072 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:56:11.0593 4072 RpcLocator - ok
09:56:11.0640 4072 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:56:11.0640 4072 RpcSs - ok
09:56:11.0671 4072 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:56:11.0687 4072 RSVP - ok
09:56:11.0703 4072 SaiHFF0C (865e3e3a6f8461f02750b44bbe75ea07) C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys
09:56:11.0703 4072 SaiHFF0C - ok
09:56:11.0718 4072 SaiUFF0C (3d425c6246299b85d718d162d31fd62e) C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys
09:56:11.0718 4072 SaiUFF0C - ok
09:56:11.0734 4072 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:56:11.0734 4072 SamSs - ok
09:56:11.0781 4072 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:56:11.0781 4072 SASDIFSV - ok
09:56:11.0796 4072 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:56:11.0796 4072 SASKUTIL - ok
09:56:11.0812 4072 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:56:11.0812 4072 SCardSvr - ok
09:56:11.0843 4072 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:56:11.0843 4072 Schedule - ok
09:56:11.0859 4072 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:56:11.0875 4072 Secdrv - ok
09:56:11.0890 4072 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:56:11.0890 4072 seclogon - ok
09:56:11.0906 4072 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:56:11.0921 4072 SENS - ok
09:56:11.0921 4072 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:56:11.0921 4072 serenum - ok
09:56:11.0937 4072 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:56:11.0937 4072 Serial - ok
09:56:11.0953 4072 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:56:11.0953 4072 Sfloppy - ok
09:56:11.0984 4072 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:56:11.0984 4072 SharedAccess - ok
09:56:12.0015 4072 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:56:12.0015 4072 ShellHWDetection - ok
09:56:12.0015 4072 Simbad - ok
09:56:12.0031 4072 Sparrow - ok
09:56:12.0031 4072 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:56:12.0031 4072 splitter - ok
09:56:12.0062 4072 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:56:12.0062 4072 Spooler - ok
09:56:12.0125 4072 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
09:56:12.0140 4072 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
09:56:12.0140 4072 sptd ( LockedFile.Multi.Generic ) - warning
09:56:12.0140 4072 sptd - detected LockedFile.Multi.Generic (1)
09:56:12.0140 4072 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:56:12.0140 4072 sr - ok
09:56:12.0171 4072 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:56:12.0171 4072 srservice - ok
09:56:12.0203 4072 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:56:12.0203 4072 Srv - ok
09:56:12.0234 4072 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:56:12.0234 4072 SSDPSRV - ok
09:56:12.0265 4072 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:56:12.0281 4072 stisvc - ok
09:56:12.0281 4072 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:56:12.0296 4072 swenum - ok
09:56:12.0296 4072 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:56:12.0296 4072 swmidi - ok
09:56:12.0296 4072 SwPrv - ok
09:56:12.0312 4072 symc810 - ok
09:56:12.0312 4072 symc8xx - ok
09:56:12.0312 4072 sym_hi - ok
09:56:12.0328 4072 sym_u3 - ok
09:56:12.0328 4072 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:56:12.0328 4072 sysaudio - ok
09:56:12.0343 4072 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:56:12.0359 4072 SysmonLog - ok
09:56:12.0375 4072 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:56:12.0375 4072 TapiSrv - ok
09:56:12.0406 4072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:56:12.0421 4072 Tcpip - ok
09:56:12.0437 4072 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:56:12.0437 4072 TDPIPE - ok
09:56:12.0453 4072 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:56:12.0453 4072 TDTCP - ok
09:56:12.0468 4072 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:56:12.0468 4072 TermDD - ok
09:56:12.0484 4072 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:56:12.0500 4072 TermService - ok
09:56:12.0546 4072 Tether (5f4aa10a6ea23107d5f31fc7f7ea855c) C:\Program Files\Tether\TBService.exe
09:56:12.0546 4072 Tether - ok
09:56:12.0562 4072 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:56:12.0562 4072 Themes - ok
09:56:12.0609 4072 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:56:12.0625 4072 TlntSvr - ok
09:56:12.0625 4072 TosIde - ok
09:56:12.0656 4072 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:56:12.0656 4072 TrkWks - ok
09:56:12.0671 4072 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:56:12.0671 4072 Udfs - ok
09:56:12.0671 4072 ultra - ok
09:56:12.0718 4072 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:56:12.0718 4072 Update - ok
09:56:12.0734 4072 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:56:12.0734 4072 upnphost - ok
09:56:12.0750 4072 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:56:12.0765 4072 UPS - ok
09:56:12.0781 4072 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:56:12.0781 4072 usbaudio - ok
09:56:13.0031 4072 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:56:13.0031 4072 usbccgp - ok
09:56:13.0062 4072 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:56:13.0062 4072 usbehci - ok
09:56:13.0062 4072 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:56:13.0078 4072 usbhub - ok
09:56:13.0078 4072 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:56:13.0078 4072 usbohci - ok
09:56:13.0093 4072 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:56:13.0093 4072 USBSTOR - ok
09:56:13.0109 4072 uti3mtk2 (524d8d450622db4a7875b111c299a76b) C:\WINDOWS\system32\Drivers\uti3mtk2.sys
09:56:13.0109 4072 uti3mtk2 - ok
09:56:13.0125 4072 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:56:13.0125 4072 VgaSave - ok
09:56:13.0125 4072 ViaIde - ok
09:56:13.0171 4072 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
09:56:13.0171 4072 Viewpoint Manager Service - ok
09:56:13.0171 4072 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:56:13.0187 4072 VolSnap - ok
09:56:13.0203 4072 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:56:13.0203 4072 VSS - ok
09:56:13.0234 4072 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:56:13.0234 4072 W32Time - ok
09:56:13.0234 4072 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:56:13.0234 4072 Wanarp - ok
09:56:13.0250 4072 WDICA - ok
09:56:13.0250 4072 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:56:13.0250 4072 wdmaud - ok
09:56:13.0281 4072 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:56:13.0281 4072 WebClient - ok
09:56:13.0343 4072 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:56:13.0343 4072 winmgmt - ok
09:56:13.0359 4072 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:56:13.0359 4072 WmdmPmSN - ok
09:56:13.0406 4072 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:56:13.0406 4072 Wmi - ok
09:56:13.0421 4072 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:56:13.0437 4072 WmiApSrv - ok
09:56:13.0531 4072 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:56:13.0546 4072 WMPNetworkSvc - ok
09:56:13.0671 4072 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:56:13.0671 4072 WPFFontCache_v0400 - ok
09:56:13.0718 4072 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:56:13.0718 4072 wscsvc - ok
09:56:13.0750 4072 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:56:13.0750 4072 wuauserv - ok
09:56:13.0796 4072 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:56:13.0796 4072 WudfPf - ok
09:56:13.0812 4072 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:56:13.0812 4072 WudfRd - ok
09:56:13.0828 4072 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:56:13.0828 4072 WudfSvc - ok
09:56:13.0875 4072 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:56:13.0890 4072 WZCSVC - ok
09:56:13.0890 4072 XDva277 - ok
09:56:13.0921 4072 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:56:13.0921 4072 xmlprov - ok
09:56:13.0984 4072 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:56:13.0984 4072 YahooAUService - ok
09:56:14.0015 4072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:56:14.0390 4072 \Device\Harddisk0\DR0 - ok
09:56:14.0390 4072 Boot (0x1200) (11003767466762a0ddce9f58e8fd3a79) \Device\Harddisk0\DR0\Partition0
09:56:14.0390 4072 \Device\Harddisk0\DR0\Partition0 - ok
09:56:14.0390 4072 Boot (0x1200) (4f90660250146615c680a48f58d037ae) \Device\Harddisk0\DR0\Partition1
09:56:14.0390 4072 \Device\Harddisk0\DR0\Partition1 - ok
09:56:14.0421 4072 Boot (0x1200) (59bd099655deafff802a2507817b7335) \Device\Harddisk0\DR0\Partition2
09:56:14.0421 4072 \Device\Harddisk0\DR0\Partition2 - ok
09:56:14.0437 4072 Boot (0x1200) (7a98c8b7bd455934c998965a09cd4fce) \Device\Harddisk0\DR0\Partition3
09:56:14.0437 4072 \Device\Harddisk0\DR0\Partition3 - ok
09:56:14.0453 4072 Boot (0x1200) (67b362523c583cb555ffed9f45994cd9) \Device\Harddisk0\DR0\Partition4
09:56:14.0453 4072 \Device\Harddisk0\DR0\Partition4 - ok
09:56:14.0453 4072 ============================================================
09:56:14.0453 4072 Scan finished
09:56:14.0453 4072 ============================================================
09:56:14.0453 3924 Detected object count: 2
09:56:14.0453 3924 Actual detected object count: 2
09:56:33.0375 3924 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
09:56:33.0375 3924 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
09:56:33.0390 3924 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:56:33.0390 3924 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:56:58.0031 0348 ============================================================
09:56:58.0031 0348 Scan started
09:56:58.0031 0348 Mode: Manual; TDLFS;
09:56:58.0031 0348 ============================================================
09:56:58.0171 0348 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
09:56:58.0171 0348 !SASCORE - ok
09:56:58.0187 0348 65015756 - ok
09:56:58.0218 0348 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
09:56:58.0218 0348 Aavmker4 - ok
09:56:58.0218 0348 Abiosdsk - ok
09:56:58.0218 0348 abp480n5 - ok
09:56:58.0250 0348 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:56:58.0250 0348 ACPI - ok
09:56:58.0281 0348 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:56:58.0281 0348 ACPIEC - ok
09:56:58.0328 0348 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:56:58.0328 0348 AdobeFlashPlayerUpdateSvc - ok
09:56:58.0328 0348 adpu160m - ok
09:56:58.0375 0348 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:56:58.0375 0348 aec - ok
09:56:58.0390 0348 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:56:58.0390 0348 AFD - ok
09:56:58.0390 0348 Aha154x - ok
09:56:58.0406 0348 aic78u2 - ok
09:56:58.0406 0348 aic78xx - ok
09:56:58.0640 0348 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
09:56:58.0640 0348 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
09:56:58.0656 0348 Akamai ( HiddenFile.Multi.Generic ) - warning
09:56:58.0656 0348 Akamai - detected HiddenFile.Multi.Generic (1)
09:56:58.0718 0348 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:56:58.0718 0348 Alerter - ok
09:56:58.0734 0348 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:56:58.0734 0348 ALG - ok
09:56:58.0734 0348 AliIde - ok
09:56:58.0765 0348 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
09:56:58.0765 0348 AmdK8 - ok
09:56:58.0765 0348 amsint - ok
09:56:58.0796 0348 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:56:58.0796 0348 AppMgmt - ok
09:56:58.0812 0348 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:56:58.0812 0348 Arp1394 - ok
09:56:58.0812 0348 asc - ok
09:56:58.0828 0348 asc3350p - ok
09:56:58.0828 0348 asc3550 - ok
09:56:58.0890 0348 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:56:58.0890 0348 aspnet_state - ok
09:56:58.0906 0348 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
09:56:58.0906 0348 aswFsBlk - ok
09:56:58.0921 0348 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
09:56:58.0921 0348 aswMon2 - ok
09:56:58.0953 0348 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
09:56:58.0953 0348 aswRdr - ok
09:56:59.0000 0348 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
09:56:59.0000 0348 aswSnx - ok
09:56:59.0078 0348 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
09:56:59.0078 0348 aswSP - ok
09:56:59.0093 0348 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
09:56:59.0093 0348 aswTdi - ok
09:56:59.0109 0348 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:56:59.0109 0348 AsyncMac - ok
09:56:59.0109 0348 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:56:59.0125 0348 atapi - ok
09:56:59.0125 0348 Atdisk - ok
09:56:59.0140 0348 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:56:59.0140 0348 Atmarpc - ok
09:56:59.0156 0348 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:56:59.0156 0348 AudioSrv - ok
09:56:59.0171 0348 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:56:59.0171 0348 audstub - ok
09:56:59.0218 0348 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:56:59.0218 0348 avast! Antivirus - ok
09:56:59.0234 0348 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:56:59.0234 0348 Beep - ok
09:56:59.0281 0348 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:56:59.0281 0348 BITS - ok
09:56:59.0312 0348 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:56:59.0312 0348 Browser - ok
09:56:59.0312 0348 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:56:59.0328 0348 cbidf2k - ok
09:56:59.0328 0348 cd20xrnt - ok
09:56:59.0343 0348 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:56:59.0343 0348 Cdaudio - ok
09:56:59.0343 0348 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:56:59.0343 0348 Cdfs - ok
09:56:59.0343 0348 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:56:59.0359 0348 Cdrom - ok
09:56:59.0359 0348 Changer - ok
09:56:59.0390 0348 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:56:59.0390 0348 CiSvc - ok
09:56:59.0406 0348 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:56:59.0406 0348 ClipSrv - ok
09:56:59.0453 0348 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:56:59.0453 0348 clr_optimization_v2.0.50727_32 - ok
09:56:59.0484 0348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:56:59.0500 0348 clr_optimization_v4.0.30319_32 - ok
09:56:59.0593 0348 cm102u32 (59e789cd92a1c8a5075f9bafd454a2e0) C:\WINDOWS\system32\drivers\c6501.sys
09:56:59.0593 0348 cm102u32 - ok
09:56:59.0609 0348 CmdIde - ok
09:56:59.0609 0348 COMSysApp - ok
09:56:59.0609 0348 Cpqarray - ok
09:56:59.0640 0348 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys
09:56:59.0640 0348 cpuz134 - ok
09:56:59.0656 0348 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
09:56:59.0656 0348 cpuz135 - ok
09:56:59.0671 0348 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
09:56:59.0671 0348 Creative Service for CDROM Access - ok
09:56:59.0687 0348 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:56:59.0687 0348 CryptSvc - ok
09:56:59.0703 0348 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
09:56:59.0703 0348 ctsfm2k - ok
09:56:59.0703 0348 dac2w2k - ok
09:56:59.0718 0348 dac960nt - ok
09:56:59.0750 0348 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:56:59.0765 0348 DcomLaunch - ok
09:56:59.0781 0348 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:56:59.0796 0348 Dhcp - ok
09:56:59.0796 0348 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:56:59.0796 0348 Disk - ok
09:56:59.0796 0348 dmadmin - ok
09:56:59.0843 0348 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:56:59.0859 0348 dmboot - ok
09:56:59.0859 0348 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:56:59.0859 0348 dmio - ok
09:56:59.0875 0348 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:56:59.0875 0348 dmload - ok
09:56:59.0906 0348 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:56:59.0906 0348 dmserver - ok
09:56:59.0906 0348 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:56:59.0906 0348 DMusic - ok
09:56:59.0937 0348 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:56:59.0937 0348 Dnscache - ok
09:56:59.0968 0348 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:56:59.0968 0348 Dot3svc - ok
09:56:59.0968 0348 dpti2o - ok
09:56:59.0984 0348 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:56:59.0984 0348 drmkaud - ok
09:57:00.0000 0348 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:57:00.0000 0348 EapHost - ok
09:57:00.0015 0348 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:57:00.0015 0348 ERSvc - ok
09:57:00.0031 0348 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:57:00.0031 0348 Eventlog - ok
09:57:00.0062 0348 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:57:00.0062 0348 EventSystem - ok
09:57:00.0078 0348 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:57:00.0078 0348 Fastfat - ok
09:57:00.0109 0348 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:57:00.0109 0348 FastUserSwitchingCompatibility - ok
09:57:00.0125 0348 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:57:00.0125 0348 Fdc - ok
09:57:00.0125 0348 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:57:00.0125 0348 Fips - ok
09:57:00.0125 0348 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:57:00.0140 0348 Flpydisk - ok
09:57:00.0156 0348 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:57:00.0156 0348 FltMgr - ok
09:57:00.0250 0348 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:57:00.0250 0348 FontCache3.0.0.0 - ok
09:57:00.0265 0348 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:57:00.0265 0348 Fs_Rec - ok
09:57:00.0265 0348 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:57:00.0265 0348 Ftdisk - ok
09:57:00.0281 0348 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:57:00.0281 0348 Gpc - ok
09:57:00.0343 0348 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:57:00.0343 0348 gusvc - ok
09:57:00.0375 0348 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:57:00.0375 0348 helpsvc - ok
09:57:00.0375 0348 HidServ - ok
09:57:00.0390 0348 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:57:00.0390 0348 HidUsb - ok
09:57:00.0421 0348 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:57:00.0421 0348 hkmsvc - ok
09:57:00.0421 0348 hpn - ok
09:57:00.0453 0348 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:57:00.0468 0348 HTTP - ok
09:57:00.0484 0348 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:57:00.0500 0348 HTTPFilter - ok
09:57:00.0500 0348 i2omgmt - ok
09:57:00.0500 0348 i2omp - ok
09:57:00.0515 0348 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:57:00.0515 0348 i8042prt - ok
09:57:00.0578 0348 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:57:00.0593 0348 idsvc - ok
09:57:00.0593 0348 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:57:00.0593 0348 Imapi - ok
09:57:00.0625 0348 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:57:00.0625 0348 ImapiService - ok
09:57:00.0640 0348 ini910u - ok
09:57:00.0640 0348 IntelIde - ok
09:57:00.0671 0348 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:57:00.0671 0348 Ip6Fw - ok
09:57:00.0703 0348 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:57:00.0703 0348 IpFilterDriver - ok
09:57:00.0703 0348 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:57:00.0703 0348 IpInIp - ok
09:57:00.0734 0348 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:57:00.0734 0348 IpNat - ok
09:57:00.0734 0348 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:57:00.0734 0348 IPSec - ok
09:57:00.0750 0348 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:57:00.0750 0348 IRENUM - ok
09:57:00.0750 0348 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:57:00.0750 0348 isapnp - ok
09:57:00.0812 0348 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
09:57:00.0812 0348 JavaQuickStarterService - ok
09:57:00.0828 0348 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:57:00.0828 0348 Kbdclass - ok
09:57:00.0843 0348 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:57:00.0843 0348 kmixer - ok
09:57:00.0859 0348 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:57:00.0859 0348 KSecDD - ok
09:57:00.0875 0348 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:57:00.0890 0348 lanmanserver - ok
09:57:00.0921 0348 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:57:00.0937 0348 lanmanworkstation - ok
09:57:00.0937 0348 lbrtfdc - ok
09:57:00.0984 0348 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:57:00.0984 0348 LightScribeService - ok
09:57:01.0000 0348 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:57:01.0000 0348 LmHosts - ok
09:57:01.0015 0348 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:57:01.0015 0348 Messenger - ok
09:57:01.0031 0348 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:57:01.0031 0348 mnmdd - ok
09:57:01.0062 0348 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:57:01.0062 0348 mnmsrvc - ok
09:57:01.0078 0348 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:57:01.0078 0348 Modem - ok
09:57:01.0078 0348 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:57:01.0078 0348 Mouclass - ok
09:57:01.0109 0348 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:57:01.0109 0348 mouhid - ok
09:57:01.0109 0348 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:57:01.0109 0348 MountMgr - ok
09:57:01.0109 0348 mraid35x - ok
09:57:01.0125 0348 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:57:01.0125 0348 MRxDAV - ok
09:57:01.0171 0348 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:57:01.0171 0348 MRxSmb - ok
09:57:01.0187 0348 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:57:01.0203 0348 MSDTC - ok
09:57:01.0203 0348 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:57:01.0203 0348 Msfs - ok
09:57:01.0218 0348 MSIServer - ok
09:57:01.0218 0348 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:57:01.0218 0348 MSKSSRV - ok
09:57:01.0234 0348 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:57:01.0234 0348 MSPCLOCK - ok
09:57:01.0234 0348 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:57:01.0234 0348 MSPQM - ok
09:57:01.0265 0348 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:57:01.0265 0348 mssmbios - ok
09:57:01.0281 0348 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
09:57:01.0281 0348 MTsensor - ok
09:57:01.0296 0348 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:57:01.0296 0348 Mup - ok
09:57:01.0343 0348 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:57:01.0343 0348 napagent - ok
09:57:01.0375 0348 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:57:01.0375 0348 NDIS - ok
09:57:01.0375 0348 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:57:01.0375 0348 NdisTapi - ok
09:57:01.0390 0348 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:57:01.0390 0348 Ndisuio - ok
09:57:01.0406 0348 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:57:01.0406 0348 NdisWan - ok
09:57:01.0421 0348 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:57:01.0421 0348 NDProxy - ok
09:57:01.0437 0348 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:57:01.0437 0348 NetBIOS - ok
09:57:01.0453 0348 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:57:01.0453 0348 NetBT - ok
09:57:01.0468 0348 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:57:01.0484 0348 NetDDE - ok
09:57:01.0484 0348 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:57:01.0484 0348 NetDDEdsdm - ok
09:57:01.0484 0348 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:57:01.0500 0348 Netlogon - ok
09:57:01.0515 0348 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:57:01.0515 0348 Netman - ok
09:57:01.0593 0348 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:57:01.0609 0348 NetTcpPortSharing - ok
09:57:01.0625 0348 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:57:01.0625 0348 NIC1394 - ok
09:57:01.0656 0348 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:57:01.0656 0348 Nla - ok
09:57:01.0750 0348 NMIndexingService (dbb5f7b1a4f109cd7a1abd3ac7a10d39) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
09:57:01.0765 0348 NMIndexingService - ok
09:57:01.0765 0348 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:57:01.0765 0348 Npfs - ok
09:57:01.0796 0348 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:57:01.0812 0348 Ntfs - ok
09:57:01.0812 0348 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:57:01.0812 0348 NtLmSsp - ok
09:57:01.0859 0348 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:57:01.0859 0348 NtmsSvc - ok
09:57:01.0875 0348 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:57:01.0875 0348 Null - ok
09:57:02.0234 0348 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:57:02.0296 0348 nv - ok
09:57:02.0375 0348 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
09:57:02.0375 0348 nvata - ok
09:57:02.0406 0348 NVENETFD (97724affdd7a5a47c3bc07ccd1b88745) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:57:02.0406 0348 NVENETFD - ok
09:57:02.0421 0348 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
09:57:02.0437 0348 nvgts - ok
09:57:02.0453 0348 nvnetbus (82c2b3a89b9edfa6287c5aba1a4e6a99) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:57:02.0453 0348 nvnetbus - ok
09:57:02.0484 0348 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
09:57:02.0484 0348 NVSvc - ok
09:57:02.0640 0348 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:57:02.0656 0348 nvUpdatusService - ok
09:57:02.0718 0348 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:57:02.0718 0348 NwlnkFlt - ok
09:57:02.0718 0348 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:57:02.0718 0348 NwlnkFwd - ok
09:57:02.0750 0348 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:57:02.0750 0348 ohci1394 - ok
09:57:02.0765 0348 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
09:57:02.0765 0348 ossrv - ok
09:57:02.0843 0348 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
09:57:02.0843 0348 P17 - ok
09:57:02.0875 0348 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:57:02.0875 0348 Parport - ok
09:57:02.0890 0348 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:57:02.0890 0348 PartMgr - ok
09:57:02.0906 0348 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:57:02.0906 0348 ParVdm - ok
09:57:02.0921 0348 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:57:02.0921 0348 PCI - ok
09:57:02.0921 0348 PCIDump - ok
09:57:02.0953 0348 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:57:02.0953 0348 PCIIde - ok
09:57:02.0968 0348 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:57:02.0968 0348 Pcmcia - ok
09:57:02.0968 0348 PDCOMP - ok
09:57:02.0968 0348 PDFRAME - ok
09:57:02.0968 0348 PDRELI - ok
09:57:02.0984 0348 PDRFRAME - ok
09:57:02.0984 0348 perc2 - ok
09:57:02.0984 0348 perc2hib - ok
09:57:03.0015 0348 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:57:03.0015 0348 PlugPlay - ok
09:57:03.0046 0348 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:57:03.0046 0348 PolicyAgent - ok
09:57:03.0062 0348 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:57:03.0062 0348 PptpMiniport - ok
09:57:03.0078 0348 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:57:03.0078 0348 Processor - ok
09:57:03.0078 0348 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:57:03.0078 0348 ProtectedStorage - ok
09:57:03.0093 0348 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:57:03.0093 0348 PSched - ok
09:57:03.0109 0348 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:57:03.0125 0348 Ptilink - ok
09:57:03.0140 0348 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:57:03.0140 0348 PxHelp20 - ok
09:57:03.0140 0348 ql1080 - ok
09:57:03.0156 0348 Ql10wnt - ok
09:57:03.0156 0348 ql12160 - ok
09:57:03.0156 0348 ql1240 - ok
09:57:03.0156 0348 ql1280 - ok
09:57:03.0187 0348 qrkis (3b68696914e467bbe827d2552b5b85ef) C:\WINDOWS\system32\DRIVERS\qrkis.sys
09:57:03.0187 0348 qrkis - ok
09:57:03.0187 0348 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:57:03.0187 0348 RasAcd - ok
09:57:03.0218 0348 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:57:03.0218 0348 RasAuto - ok
09:57:03.0218 0348 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:57:03.0218 0348 Rasl2tp - ok
09:57:03.0250 0348 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:57:03.0265 0348 RasMan - ok
09:57:03.0265 0348 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:57:03.0265 0348 RasPppoe - ok
09:57:03.0265 0348 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:57:03.0265 0348 Raspti - ok
09:57:03.0281 0348 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:57:03.0281 0348 Rdbss - ok
09:57:03.0296 0348 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:57:03.0296 0348 RDPCDD - ok
09:57:03.0312 0348 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:57:03.0312 0348 rdpdr - ok
09:57:03.0343 0348 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:57:03.0343 0348 RDPWD - ok
09:57:03.0375 0348 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:57:03.0375 0348 RDSessMgr - ok
09:57:03.0390 0348 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:57:03.0390 0348 redbook - ok
09:57:03.0406 0348 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:57:03.0406 0348 RemoteAccess - ok
09:57:03.0421 0348 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:57:03.0437 0348 RemoteRegistry - ok
09:57:03.0453 0348 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
09:57:03.0453 0348 RimUsb - ok
09:57:03.0468 0348 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:57:03.0468 0348 RimVSerPort - ok
09:57:03.0468 0348 rjdgbwij - ok
09:57:03.0500 0348 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:57:03.0500 0348 ROOTMODEM - ok
09:57:03.0515 0348 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:57:03.0515 0348 RpcLocator - ok
09:57:03.0531 0348 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:57:03.0546 0348 RpcSs - ok
09:57:03.0578 0348 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:57:03.0578 0348 RSVP - ok
09:57:03.0609 0348 SaiHFF0C (865e3e3a6f8461f02750b44bbe75ea07) C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys
09:57:03.0609 0348 SaiHFF0C - ok
09:57:03.0625 0348 SaiUFF0C (3d425c6246299b85d718d162d31fd62e) C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys
09:57:03.0625 0348 SaiUFF0C - ok
09:57:03.0640 0348 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:57:03.0640 0348 SamSs - ok
09:57:03.0687 0348 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:57:03.0687 0348 SASDIFSV - ok
09:57:03.0703 0348 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:57:03.0703 0348 SASKUTIL - ok
09:57:03.0718 0348 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:57:03.0718 0348 SCardSvr - ok
09:57:03.0750 0348 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:57:03.0750 0348 Schedule - ok
09:57:03.0765 0348 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:57:03.0765 0348 Secdrv - ok
09:57:03.0796 0348 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:57:03.0796 0348 seclogon - ok
09:57:03.0828 0348 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:57:03.0828 0348 SENS - ok
09:57:03.0843 0348 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:57:03.0843 0348 serenum - ok
09:57:03.0859 0348 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:57:03.0859 0348 Serial - ok
09:57:03.0875 0348 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:57:03.0875 0348 Sfloppy - ok
09:57:03.0890 0348 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:57:03.0890 0348 SharedAccess - ok
09:57:03.0921 0348 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:57:03.0937 0348 ShellHWDetection - ok
09:57:03.0937 0348 Simbad - ok
09:57:03.0937 0348 Sparrow - ok
09:57:03.0937 0348 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:57:03.0953 0348 splitter - ok
09:57:03.0968 0348 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:57:03.0968 0348 Spooler - ok
09:57:04.0031 0348 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
09:57:04.0046 0348 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
09:57:04.0046 0348 sptd ( LockedFile.Multi.Generic ) - warning
09:57:04.0046 0348 sptd - detected LockedFile.Multi.Generic (1)
09:57:04.0062 0348 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:57:04.0062 0348 sr - ok
09:57:04.0093 0348 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:57:04.0093 0348 srservice - ok
09:57:04.0125 0348 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:57:04.0125 0348 Srv - ok
09:57:04.0156 0348 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:57:04.0156 0348 SSDPSRV - ok
09:57:04.0187 0348 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:57:04.0203 0348 stisvc - ok
09:57:04.0203 0348 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:57:04.0218 0348 swenum - ok
09:57:04.0218 0348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:57:04.0218 0348 swmidi - ok
09:57:04.0218 0348 SwPrv - ok
09:57:04.0234 0348 symc810 - ok
09:57:04.0234 0348 symc8xx - ok
09:57:04.0234 0348 sym_hi - ok
09:57:04.0250 0348 sym_u3 - ok
09:57:04.0250 0348 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:57:04.0250 0348 sysaudio - ok
09:57:04.0265 0348 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:57:04.0281 0348 SysmonLog - ok
09:57:04.0296 0348 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:57:04.0296 0348 TapiSrv - ok
09:57:04.0328 0348 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:57:04.0343 0348 Tcpip - ok
09:57:04.0359 0348 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:57:04.0359 0348 TDPIPE - ok
09:57:04.0359 0348 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:57:04.0375 0348 TDTCP - ok
09:57:04.0375 0348 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:57:04.0390 0348 TermDD - ok
09:57:04.0406 0348 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:57:04.0406 0348 TermService - ok
09:57:04.0453 0348 Tether (5f4aa10a6ea23107d5f31fc7f7ea855c) C:\Program Files\Tether\TBService.exe
09:57:04.0453 0348 Tether - ok
09:57:04.0468 0348 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:57:04.0484 0348 Themes - ok
09:57:04.0515 0348 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:57:04.0515 0348 TlntSvr - ok
09:57:04.0515 0348 TosIde - ok
09:57:04.0531 0348 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:57:04.0546 0348 TrkWks - ok
09:57:04.0562 0348 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:57:04.0562 0348 Udfs - ok
09:57:04.0562 0348 ultra - ok
09:57:04.0625 0348 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:57:04.0625 0348 Update - ok
09:57:04.0640 0348 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:57:04.0640 0348 upnphost - ok
09:57:04.0656 0348 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:57:04.0656 0348 UPS - ok
09:57:04.0671 0348 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:57:04.0687 0348 usbaudio - ok
09:57:04.0687 0348 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:57:04.0687 0348 usbccgp - ok
09:57:04.0718 0348 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:57:04.0718 0348 usbehci - ok
09:57:04.0718 0348 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:57:04.0718 0348 usbhub - ok
09:57:04.0734 0348 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:57:04.0734 0348 usbohci - ok
09:57:04.0750 0348 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:57:04.0750 0348 USBSTOR - ok
09:57:04.0765 0348 uti3mtk2 (524d8d450622db4a7875b111c299a76b) C:\WINDOWS\system32\Drivers\uti3mtk2.sys
09:57:04.0765 0348 uti3mtk2 - ok
09:57:04.0781 0348 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:57:04.0781 0348 VgaSave - ok
09:57:04.0781 0348 ViaIde - ok
09:57:04.0828 0348 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
09:57:04.0828 0348 Viewpoint Manager Service - ok
09:57:04.0843 0348 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:57:04.0843 0348 VolSnap - ok
09:57:04.0859 0348 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:57:04.0875 0348 VSS - ok
09:57:04.0906 0348 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:57:04.0906 0348 W32Time - ok
09:57:04.0906 0348 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:57:04.0921 0348 Wanarp - ok
09:57:04.0921 0348 WDICA - ok
09:57:04.0937 0348 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:57:04.0937 0348 wdmaud - ok
09:57:04.0968 0348 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:57:04.0968 0348 WebClient - ok
09:57:05.0031 0348 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:57:05.0031 0348 winmgmt - ok
09:57:05.0062 0348 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:57:05.0062 0348 WmdmPmSN - ok
09:57:05.0109 0348 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:57:05.0109 0348 Wmi - ok
09:57:05.0125 0348 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:57:05.0140 0348 WmiApSrv - ok
09:57:05.0234 0348 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:57:05.0234 0348 WMPNetworkSvc - ok
09:57:05.0375 0348 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:57:05.0375 0348 WPFFontCache_v0400 - ok
09:57:05.0421 0348 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:57:05.0421 0348 wscsvc - ok
09:57:05.0437 0348 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:57:05.0453 0348 wuauserv - ok
09:57:05.0484 0348 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:57:05.0500 0348 WudfPf - ok
09:57:05.0515 0348 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:57:05.0515 0348 WudfRd - ok
09:57:05.0515 0348 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:57:05.0531 0348 WudfSvc - ok
09:57:05.0578 0348 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:57:05.0578 0348 WZCSVC - ok
09:57:05.0593 0348 XDva277 - ok
09:57:05.0609 0348 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:57:05.0609 0348 xmlprov - ok
09:57:05.0671 0348 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:57:05.0671 0348 YahooAUService - ok
09:57:05.0687 0348 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:57:06.0078 0348 \Device\Harddisk0\DR0 - ok
09:57:06.0078 0348 Boot (0x1200) (11003767466762a0ddce9f58e8fd3a79) \Device\Harddisk0\DR0\Partition0
09:57:06.0078 0348 \Device\Harddisk0\DR0\Partition0 - ok
09:57:06.0078 0348 Boot (0x1200) (4f90660250146615c680a48f58d037ae) \Device\Harddisk0\DR0\Partition1
09:57:06.0093 0348 \Device\Harddisk0\DR0\Partition1 - ok
09:57:06.0109 0348 Boot (0x1200) (59bd099655deafff802a2507817b7335) \Device\Harddisk0\DR0\Partition2
09:57:06.0109 0348 \Device\Harddisk0\DR0\Partition2 - ok
09:57:06.0125 0348 Boot (0x1200) (7a98c8b7bd455934c998965a09cd4fce) \Device\Harddisk0\DR0\Partition3
09:57:06.0125 0348 \Device\Harddisk0\DR0\Partition3 - ok
09:57:06.0140 0348 Boot (0x1200) (67b362523c583cb555ffed9f45994cd9) \Device\Harddisk0\DR0\Partition4
09:57:06.0140 0348 \Device\Harddisk0\DR0\Partition4 - ok
09:57:06.0140 0348 ============================================================
09:57:06.0140 0348 Scan finished
09:57:06.0140 0348 ============================================================
09:57:06.0140 0340 Detected object count: 2
09:57:06.0140 0340 Actual detected object count: 2

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-31 12:07:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path0Target0Lun0 WDC_WD50 rev.12.0
Running: r78ulr4b.exe; Driver: C:\DOCUME~1\CLOUDS~1\LOCALS~1\Temp\uwtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAE582DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAE60FA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAE58385E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAE5AFD5D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAE5882E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAE588330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAE588422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAE5AF711]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAE588252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAE588374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAE58829A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAE5883DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAE582E44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAE5B0423]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAE5B06D9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAE5859A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAE5B028E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAE5B00F9]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAE60FB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAE582AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAE582E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAE585D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAE583B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAE58830E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAE588352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAE588446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAE5AFA6D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAE588278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAE585518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAE5883AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAE5882C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAE58574C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAE588400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAE60FCA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAE5AFF74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAE5839CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAE5AFDC6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAE619B68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAE5AED84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAE582EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAE582F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAE582B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAE582CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAE5B052A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAE582C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAE582D5A]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAE6FA640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAE582F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xAE60FBE0]

INT 0x62 ? 8A9CBC88
INT 0x63 ? 8A95EC88
INT 0x73 ? 8A95EC88
INT 0x84 ? 8A71AF00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAE625D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504618 2 Bytes [D6, 2A]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL AE58419F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP AE622C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP AE62474C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP AE625D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spzr.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B1A328AC 5 Bytes JMP 8A71A450
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB0AD83C0, 0x95B7EA, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF8098E2 5 Bytes JMP AE587180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C83E 5 Bytes JMP AE58707C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138D6 5 Bytes JMP AE587036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C540 5 Bytes JMP AE586724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240B0 5 Bytes JMP AE585F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A1A 5 Bytes JMP AE5872EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831465 5 Bytes JMP AE5874F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839E9C 5 Bytes JMP AE586F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85173B 5 Bytes JMP AE585E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC5A 5 Bytes JMP AE5867E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2C4 5 Bytes JMP AE586384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E34F 5 Bytes JMP AE586562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5C2 5 Bytes JMP AE585E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF864991 5 Bytes JMP AE5870BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873CC4 5 Bytes JMP AE58651C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890F01 5 Bytes JMP AE5867FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8944AC 5 Bytes JMP AE587232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894F84 5 Bytes JMP AE587450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3857 BF89C32B 5 Bytes JMP AE58670C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89D8C0 5 Bytes JMP AE585FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9DB BF8C1E40 5 Bytes JMP AE586104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA2A2 5 Bytes JMP AE5861AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA522 5 Bytes JMP AE5862E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBEF7 5 Bytes JMP AE585D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB46 BF8F4EFF 5 Bytes JMP AE58673C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2D BF9136C2 5 Bytes JMP AE585F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2601 BF914296 5 Bytes JMP AE5860B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7A BF916C0F 5 Bytes JMP AE58667C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 194D BF946CFD 5 Bytes JMP AE5873A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\Cloud Strife\Desktop\r78ulr4b.exe[232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Opera\opera.exe[296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Opera\opera.exe[296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Opera\opera.exe[296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Opera\opera.exe[296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Opera\opera.exe[296] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Opera\opera.exe[296] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Opera\opera.exe[296] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Opera\opera.exe[296] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Opera\opera.exe[296] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Opera\opera.exe[296] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Opera\opera.exe[296] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Opera\opera.exe[296] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Opera\opera.exe[296] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Opera\opera.exe[296] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Opera\opera.exe[296] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Tether\TBService.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Tether\TBService.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Tether\TBService.exe[336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Tether\TBService.exe[336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Tether\TBService.exe[336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Tether\TBService.exe[336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Tether\TBService.exe[336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Tether\TBService.exe[336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Tether\TBService.exe[336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Tether\TBService.exe[336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Tether\TBService.exe[336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Tether\TBService.exe[336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Tether\TBService.exe[336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Tether\TBService.exe[336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Tether\TBService.exe[336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Tether\TBService.exe[336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Tether\TBService.exe[336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\Explorer.EXE[540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[540] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[540] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[728] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[972] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1140] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[1252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1420] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[1460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1636] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\nvsvc32.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[1904] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\nvsvc32.exe[1904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\nvsvc32.exe[1904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\nvsvc32.exe[1904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\nvsvc32.exe[1904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\nvsvc32.exe[1904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\alg.exe[2808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[2820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\RunDll32.exe[3072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RunDll32.exe[3072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\RunDll32.exe[3072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RunDll32.exe[3072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RunDll32.exe[3072] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\RunDll32.exe[3072] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\RunDll32.exe[3072] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\RunDll32.exe[3072] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\RunDll32.exe[3072] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\RunDll32.exe[3072] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\RunDll32.exe[3072] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\RunDll32.exe[3072] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\RunDll32.exe[3072] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\RunDll32.exe[3072] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\RunDll32.exe[3072] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\RunDll32.exe[3072] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\RunDll32.exe[3072] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\Rundll32.exe[3344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\Rundll32.exe[3344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Rundll32.exe[3344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\Rundll32.exe[3344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Rundll32.exe[3344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\Rundll32.exe[3344] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\Rundll32.exe[3344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\Rundll32.exe[3344] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\Rundll32.exe[3344] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\Rundll32.exe[3344] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\Rundll32.exe[3344] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\Rundll32.exe[3344] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\Rundll32.exe[3344] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\Rundll32.exe[3344] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\Rundll32.exe[3344] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\Rundll32.exe[3344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\Rundll32.exe[3344] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[3484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[3484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[3484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[3484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[3484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\RunDLL32.exe[3728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RunDLL32.exe[3728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\RunDLL32.exe[3728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\RunDLL32.exe[3728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\RunDLL32.exe[3728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\RunDLL32.exe[3728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\RunDLL32.exe[3728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\rundll32.exe[3824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[3824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[3824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[3824] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[3824] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[3824] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[3824] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\rundll32.exe[3824] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[3824] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\rundll32.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\rundll32.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\rundll32.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\rundll32.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\rundll32.exe[3824] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\rundll32.exe[3824] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\rundll32.exe[3824] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[3832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[3832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[3832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[3832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[3832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[3832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[3832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[3832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[3832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000601F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000603FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002A0804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002A0A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002A0600
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002A01F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002A03FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7EB03E6] spzr.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7EB090E] spzr.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7EB0F9C] spzr.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB090E] spzr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB01D4] spzr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB0116] spzr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB1178] spzr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB0F9C] spzr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC1976] spzr.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[808] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1420] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[3592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 8A9C91F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBPDO-0 8A6F5470
Device \Driver\usbehci \Device\USBPDO-1 8A7501F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A95B1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A95B1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A95B1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A95B1F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9CC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A9CC1F8
Device \Driver\Cdrom \Device\CdRom0 8A73D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AF25FBAA-8DA9-4F52-A854-3465F621A70E} 897971F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A9CC1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A73D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A9CC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8A9CC1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 897971F8
Device \Driver\NetBT \Device\NetbiosSmb 897971F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBFDO-0 8A6F5470
Device \Driver\usbehci \Device\USBFDO-1 8A7501F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 897901F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 897901F8
Device \Driver\Ftdisk \Device\FtControl 8A9CC1F8
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path0Target0Lun0 8A9CA1F8
Device \Driver\nvgts \Device\Scsi\nvgts1 8A9CA1F8
Device \Driver\nvgts \Device\Scsi\nvgts2 8A9CA1F8
Device \FileSystem\Cdfs \Cdfs 896F71F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{442B5AFB-7F3A-D820-673E-265BC6F7381C}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{442B5AFB-7F3A-D820-673E-265BC6F7381C}@ialinpbbcdopcfpcil 0x63 0x62 0x67 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{442B5AFB-7F3A-D820-673E-265BC6F7381C}@hajildbhbknjfcdg 0x63 0x62 0x67 0x66 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 976752003

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-31 12:07:55
-----------------------------
12:07:55.750 OS Version: Windows 5.1.2600 Service Pack 3
12:07:55.750 Number of processors: 2 586 0x4303
12:07:55.750 ComputerName: UMBRELLACORP UserName: Cloud Strife
12:07:56.390 Initialize success
12:07:56.468 AVAST engine defs: 12053100
12:08:10.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts2Port3Path0Target0Lun0
12:08:10.718 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
12:08:10.734 Disk 0 MBR read successfully
12:08:10.734 Disk 0 MBR scan
12:08:10.734 Disk 0 Windows XP default MBR code
12:08:10.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 63
12:08:10.734 Disk 0 Partition - 00 0F Extended LBA 416929 MB offset 122881185
12:08:10.781 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199996 MB offset 122881248
12:08:10.781 Disk 0 Partition - 00 05 Extended 99998 MB offset 532474425
12:08:10.843 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 99998 MB offset 532474488
12:08:10.843 Disk 0 Partition - 00 05 Extended 99998 MB offset 1146864285
12:08:10.906 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 99998 MB offset 737271108
12:08:10.906 Disk 0 Partition - 00 05 Extended 16935 MB offset 1556457525
12:08:10.968 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 16935 MB offset 942067728
12:08:10.968 Disk 0 scanning sectors +976752000
12:08:11.031 Disk 0 malicious Win32:MBRoot code @ sector 976752003 !
12:08:11.218 Disk 0 scanning C:\WINDOWS\system32\drivers
12:08:42.843 Service scanning
12:08:47.937 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
12:08:49.703 Modules scanning
12:09:33.984 Disk 0 trace - called modules:
12:09:34.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a9ca1f8]<<
12:09:34.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8acab8]
12:09:34.015 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000079[0x8a877f18]
12:09:34.015 5 ACPI.sys[b7e6e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts2Port3Path0Target0Lun0[0x8a840998]
12:09:34.015 \Driver\nvgts[0x8a8ffa08] -> IRP_MJ_CREATE -> 0x8a9ca1f8
12:09:34.312 AVAST engine scan C:\WINDOWS
12:10:06.046 AVAST engine scan C:\WINDOWS\system32
12:19:21.890 AVAST engine scan C:\WINDOWS\system32\drivers
12:20:18.859 AVAST engine scan C:\Documents and Settings\Cloud Strife
12:22:32.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cloud Strife\Desktop\MBR.dat"
12:22:32.781 The log file has been saved successfully to "C:\Documents and Settings\Cloud Strife\Desktop\aswMBR.txt"

It looks like I had to break it into 3 replies sorry.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:38 PM

Posted 31 May 2012 - 03:24 PM

Download

FIXTDSS

Launch it ,It may ask for restart,reboot the PC

On reboot let me know what it finds

#5 AngelLopez

AngelLopez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 31 May 2012 - 04:04 PM

Ok after it asked me to reboot my computer and it started the scanned after I logged into WXP Pro, the only message I got after the scan was: Backdoor.Tidserv has not been found on your computer.

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:38 PM

Posted 31 May 2012 - 04:54 PM

Download

ESET online scanner


Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 AngelLopez

AngelLopez
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 PM

Posted 31 May 2012 - 11:47 PM

Ok I wasn't sure If you wanted me to delete the viruses after scanning with ESET Online Scanner, but there was a box I could've checked to delete them after the scan and I uncheck it. So here is the log for the ESET Online Scanner:

C:\Documents and Settings\Cloud Strife\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com\components\epicPlayGames.dll a variant of Win32/Adware.Gamevance.BR application
C:\Documents and Settings\Cloud Strife\Application Data\Mozilla\Firefox\Profiles\vbk9j31b.default\extensions\textlinks@epicplay.com\components\epicPlayGames.dll a variant of Win32/Adware.Gamevance.BR application
C:\Documents and Settings\Cloud Strife\Local Settings\Application Data\{C774179F-A611-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Documents and Settings\Cloud Strife\Local Settings\Temp\mstxpi.dll a variant of Win32/Medfos.AA trojan
C:\Program Files\EpicPlay\epicPlayGames.dll a variant of Win32/Adware.Gamevance.BR application
C:\Program Files\EpicPlay\epicRemoval.exe a variant of Win32/Adware.Gamevance.BN application
E:\Project64 1.7 final 2008.7z multiple threats
Operating memory a variant of Win32/Medfos.AA trojan


Gonna run Malwarebytes (Full Scan) and delete what shows up, then reboot and run a full scan again to see if they show up.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users