
crippled usage [Solved]



#1
Blueb3325

Access to the internet is patchy, lots of sites won't load, and when I play a game which has been fine (it's virtual greyhounds) it's practically crippled and runs so slow it's unreal. Not got a great graphics card but never had any worries with this, now it won't work. Also keep getting blue screen of death.
The greyhound game shows something is wrong but don't know what.

thanks


OTL logfile created on: 12/06/2012 16:23:46 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.92% Memory free
6.21 Gb Paging File | 4.90 Gb Available in Paging File | 79.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.32 Gb Total Space | 182.09 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.89 Gb Free Space | 39.82% Space Free | Partition Type: NTFS

Computer Name: DELL-530 | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 16:22:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2012/06/01 16:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/29 18:18:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/05/29 18:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/05/21 11:48:03 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/07 00:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/21 03:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/11 23:21:16 | 000,115,137 | ---- | M] () -- C:\Users\Chris\AppData\Local\temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012/06/01 16:39:51 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/29 18:18:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/05/09 07:47:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll
MOD - [2012/05/09 07:45:56 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\367837cb7f83c9e52f09278f4e6c3ccd\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 07:45:49 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012/05/09 07:31:00 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d4417b9c53da6268abb1c7c2154ab37d\PresentationFramework.ni.dll
MOD - [2012/05/09 07:30:47 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\f0634a8df3e8d5d17389924b852d82a4\PresentationCore.ni.dll
MOD - [2012/05/09 07:30:38 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 07:30:37 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697a79c939f32249639e0321673a0cf7\WindowsBase.ni.dll
MOD - [2012/05/09 07:28:17 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e4d9c9e2dc714ce149e145af276e8895\System.Windows.Forms.ni.dll
MOD - [2012/05/09 07:28:00 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8498cd388d05ff39d7c0e43a1330b9e4\System.Drawing.ni.dll
MOD - [2012/05/09 07:27:55 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012/05/09 07:27:51 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
MOD - [2012/05/09 07:27:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012/05/09 07:27:38 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012/05/09 07:27:32 | 014,415,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012/05/04 22:50:16 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\018465~1.EXE -- (0184651330180573mcinstcleanup) McAfee Application Installer Cleanup (0184651330180573)
SRV - [2012/06/01 16:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 22:50:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/07 00:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/21 03:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012/05/21 03:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/07 00:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/03/07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 00:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/03/07 00:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/07 00:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 00:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/23 15:54:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/10 21:48:26 | 000,043,520 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2009/04/10 22:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/03/18 17:23:06 | 000,020,480 | ---- | M] (GoTrusted) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gttap1.sys -- (gttap1)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 A0 50 B8 9E 45 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/17 13:03:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/21 11:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/07 12:29:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/06/09 20:28:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/06/11 23:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\08lofbpa.default\extensions
[2012/06/07 12:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/01 16:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/01 16:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/01 16:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.27\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.27\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\20.0.1132.27\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.20 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: ScriptNo = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.2_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/01 09:21:07 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: DhcpNameServer = 192.168.0.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 16:21:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/06/12 16:05:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1C4DF075-9108-421A-950C-0747F988A2A0}
[2012/06/12 16:04:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AFA16FBB-F5EB-4E9A-B918-7896248684CC}
[2012/06/12 01:56:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{649F57CD-7E5C-4B2D-BA9B-3EF2B0DDCE00}
[2012/06/12 01:56:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{01E71F2D-27D8-45B4-A3E7-BE6BC5297C56}
[2012/06/11 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B4361849-475B-4A99-B5B8-87C41A2DFFF6}
[2012/06/11 13:54:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{589658D5-DA99-4407-8697-1DC0D7C8667C}
[2012/06/11 01:16:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{42BAC9C8-DC55-479D-A275-DB9DF682A100}
[2012/06/11 01:16:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A459CAA0-6221-4C61-ACE9-18273FE414ED}
[2012/06/10 13:15:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F79D7E9D-EF87-463C-BAD4-802ED9DA152D}
[2012/06/10 13:14:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2F69335F-217A-4939-B6DE-C1F9512D1853}
[2012/06/09 20:28:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2012/06/09 20:19:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3D19EFE5-5F47-4FE8-B13C-FC4F6C7F38AD}
[2012/06/09 20:19:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{13CFA034-FED3-4ADC-8415-B2045A567A1A}
[2012/06/07 21:14:29 | 000,000,000 | ---D | C] -- C:\Temp
[2012/06/07 20:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/06/07 20:46:40 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/06/07 20:46:40 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012/06/07 20:34:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\LogMeIn Rescue Applet
[2012/06/07 15:41:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2012/06/07 12:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/07 12:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/06 11:10:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/05/31 15:33:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/31 15:30:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/31 15:30:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2012/05/29 00:38:50 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012/05/26 20:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2012/05/26 20:27:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\DVDFab
[2012/05/25 19:54:54 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012/05/25 19:54:54 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012/05/25 19:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2012/05/25 19:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2012/05/25 19:46:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\SelfMV
[2012/05/23 18:49:34 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2012/05/23 18:49:32 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2012/05/23 18:49:32 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2012/05/22 15:21:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple Computer
[2012/05/22 15:20:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/05/22 15:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/22 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/21 11:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/21 11:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/05/21 11:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/21 11:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/21 11:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/05/21 11:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/05/14 19:12:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/28 15:52:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/06/12 16:22:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/06/12 16:01:57 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 16:01:56 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 16:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 16:01:38 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 03:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/12 03:56:15 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3299710142-3868310564-1978959094-1001UA.job
[2012/06/11 21:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3299710142-3868310564-1978959094-1001Core.job
[2012/06/11 01:04:44 | 000,012,800 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/07 21:16:28 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/07 21:16:28 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/07 21:13:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/06/07 20:54:37 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/06/07 20:54:25 | 000,001,758 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/06/07 12:57:28 | 000,002,042 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2012/06/07 12:57:28 | 000,002,004 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/07 12:29:30 | 000,000,870 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/07 12:29:30 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/03 14:17:52 | 003,610,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/01 09:21:07 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/05/29 00:38:50 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012/05/23 18:50:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012/05/23 18:49:34 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2012/05/23 18:49:34 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2012/05/23 18:49:32 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2012/05/23 18:49:32 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2012/05/23 18:49:30 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/05/23 18:49:30 | 000,020,032 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2012/05/21 11:55:52 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/21 11:50:50 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/21 11:50:46 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/05/21 11:48:12 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/05/21 03:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012/05/21 03:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys

========== Files Created - No Company Name ==========

[2012/06/07 21:13:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012/06/07 20:54:25 | 000,001,758 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/06/07 20:48:54 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/06/07 12:29:30 | 000,000,870 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/07 12:29:30 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/07 12:29:30 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/03 09:55:32 | 000,012,800 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/21 11:55:52 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/21 11:50:50 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/21 11:50:46 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/04/11 11:10:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/18 21:07:14 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/13 09:10:03 | 000,614,499 | ---- | C] () -- C:\Users\Chris\AppData\Local\census.cache
[2012/01/13 09:09:35 | 000,163,945 | ---- | C] () -- C:\Users\Chris\AppData\Local\ars.cache
[2012/01/13 08:12:43 | 000,000,036 | ---- | C] () -- C:\Users\Chris\AppData\Local\housecall.guid.cache
[2011/12/28 15:52:30 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/12/28 15:52:30 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/02/04 14:50:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/04 14:50:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/04 14:19:09 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2011/02/04 13:24:09 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/03/30 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/18 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leawo
[2012/03/19 14:38:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2012/06/07 20:52:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012/04/10 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\StreamTorrent
[2012/03/18 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\tiger-k
[2012/05/11 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2012/04/17 10:29:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wondershare
[2012/06/11 23:18:41 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Blueb3325 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

NOTE: This fix is custom made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\018465~1.EXE -- (0184651330180573mcinstcleanup) McAfee Application Installer Cleanup (0184651330180573)
    [2012/06/12 16:05:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1C4DF075-9108-421A-950C-0747F988A2A0}
    [2012/06/12 16:04:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AFA16FBB-F5EB-4E9A-B918-7896248684CC}
    [2012/06/12 01:56:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{649F57CD-7E5C-4B2D-BA9B-3EF2B0DDCE00}
    [2012/06/12 01:56:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{01E71F2D-27D8-45B4-A3E7-BE6BC5297C56}
    [2012/06/11 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{B4361849-475B-4A99-B5B8-87C41A2DFFF6}
    [2012/06/11 13:54:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{589658D5-DA99-4407-8697-1DC0D7C8667C}
    [2012/06/11 01:16:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{42BAC9C8-DC55-479D-A275-DB9DF682A100}
    [2012/06/11 01:16:35 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A459CAA0-6221-4C61-ACE9-18273FE414ED}
    [2012/06/10 13:15:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F79D7E9D-EF87-463C-BAD4-802ED9DA152D}
    [2012/06/10 13:14:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2F69335F-217A-4939-B6DE-C1F9512D1853}
    [2012/06/09 20:19:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3D19EFE5-5F47-4FE8-B13C-FC4F6C7F38AD}
    [2012/06/09 20:19:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{13CFA034-FED3-4ADC-8415-B2045A567A1A}


    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
Blueb3325

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
All processes killed
========== OTL ==========
Error: No service named 0184651330180573mcinstcleanup) McAfee Application Installer Cleanup (0184651330180573 was found to stop!
Service\Driver key 0184651330180573mcinstcleanup) McAfee Application Installer Cleanup (0184651330180573 not found.
File C:\Windows\TEMP\018465~1.EXE not found.
C:\Users\Chris\AppData\Local\{1C4DF075-9108-421A-950C-0747F988A2A0} folder moved successfully.
C:\Users\Chris\AppData\Local\{AFA16FBB-F5EB-4E9A-B918-7896248684CC} folder moved successfully.
C:\Users\Chris\AppData\Local\{649F57CD-7E5C-4B2D-BA9B-3EF2B0DDCE00} folder moved successfully.
C:\Users\Chris\AppData\Local\{01E71F2D-27D8-45B4-A3E7-BE6BC5297C56} folder moved successfully.
C:\Users\Chris\AppData\Local\{B4361849-475B-4A99-B5B8-87C41A2DFFF6} folder moved successfully.
C:\Users\Chris\AppData\Local\{589658D5-DA99-4407-8697-1DC0D7C8667C} folder moved successfully.
C:\Users\Chris\AppData\Local\{42BAC9C8-DC55-479D-A275-DB9DF682A100} folder moved successfully.
C:\Users\Chris\AppData\Local\{A459CAA0-6221-4C61-ACE9-18273FE414ED} folder moved successfully.
C:\Users\Chris\AppData\Local\{F79D7E9D-EF87-463C-BAD4-802ED9DA152D} folder moved successfully.
C:\Users\Chris\AppData\Local\{2F69335F-217A-4939-B6DE-C1F9512D1853} folder moved successfully.
C:\Users\Chris\AppData\Local\{3D19EFE5-5F47-4FE8-B13C-FC4F6C7F38AD} folder moved successfully.
C:\Users\Chris\AppData\Local\{13CFA034-FED3-4ADC-8415-B2045A567A1A} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 2373483 bytes
->Temporary Internet Files folder emptied: 29821977 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 464166486 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4974 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 8725720462 bytes

Total Files Cleaned = 8,795.00 mb


OTL by OldTimer - Version 3.2.51.0 log created on 06222012_154033

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#4
Blueb3325

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-22 16:17:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.DE11
Running: x60i88o2.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kfriapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F674DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8FB60A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8F67585E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F67A2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F67A330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F67A422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F67A252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8F67A374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F67A29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F67A3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F674E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8FB60B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8F674AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F674E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F677D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F675B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F67A30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F67A352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F67A446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F67A278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F67A3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F67A2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F67A400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8FB60CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F6759CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F674EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F674F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F674B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F674CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F674C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F674D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8FB60D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F674F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8FB60BE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FB76D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 824E27D0 4 Bytes [F8, 4D, 67, 8F]
.text ntkrnlpa.exe!KeSetEvent + 131 824E27F4 4 Bytes [5A, 0A, B6, 8F]
.text ntkrnlpa.exe!KeSetEvent + 191 824E2854 4 Bytes [5E, 58, 67, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D1 824E2894 8 Bytes [E4, A2, 67, 8F, 30, A3, 67, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 824E28A0 4 Bytes [22, A4, 67, 8F]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8260D62F 5 Bytes JMP 8FB73C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82666543 5 Bytes JMP 8FB7574C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8266FE68 4 Bytes CALL 8F6761B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82673ADC 4 Bytes CALL 8F6761CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 826C7DF6 7 Bytes JMP 8FB76D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[604] KERNEL32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Users\Chris\Desktop\x60i88o2.exe[644] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[648] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[648] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[648] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[648] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\wininit.exe[648] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[648] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\csrss.exe[660] KERNEL32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[692] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[692] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[692] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[692] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[692] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\services.exe[692] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[692] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[724] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[724] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[724] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[724] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[724] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[724] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[724] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[724] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[724] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\winlogon.exe[732] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[732] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[732] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[732] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[732] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[732] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[732] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[732] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[732] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[732] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[732] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00060A08
.text C:\Windows\system32\winlogon.exe[732] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[732] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsm.exe[740] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[896] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[896] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[968] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[968] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[968] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001E0600
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001E0804
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 001E0A08
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 001E01F8
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 001E03FC
.text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1120] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00C30600
.text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00C30804
.text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00C30A08
.text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 00C301F8
.text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 00C303FC
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00230600
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00230804
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00230A08
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 002301F8
.text C:\Windows\system32\svchost.exe[1132] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 002303FC
.text C:\Windows\system32\AUDIODG.EXE[1256] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000401F8
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000403FC
.text C:\Windows\servicing\TrustedInstaller.exe[1372] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000603FC
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00060600
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00061014
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00060804
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00060A08
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00060C0C
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00060E10
.text C:\Windows\servicing\TrustedInstaller.exe[1372] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000601F8
.text C:\Windows\servicing\TrustedInstaller.exe[1372] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00070600
.text C:\Windows\servicing\TrustedInstaller.exe[1372] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00070804
.text C:\Windows\servicing\TrustedInstaller.exe[1372] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00070A08
.text C:\Windows\servicing\TrustedInstaller.exe[1372] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000701F8
.text C:\Windows\servicing\TrustedInstaller.exe[1372] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1400] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 001B0600
.text C:\Windows\system32\svchost.exe[1400] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001B0804
.text C:\Windows\system32\svchost.exe[1400] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 001B0A08
.text C:\Windows\system32\svchost.exe[1400] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 001B01F8
.text C:\Windows\system32\svchost.exe[1400] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 001B03FC
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00070600
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00070804
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00070A08
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000701F8
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000703FC
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00080600
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00081014
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00080804
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00080A08
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00080C0C
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00080E10
.text C:\Program Files\HitmanPro\hmpsched.exe[1532] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1544] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[1544] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 001B03FC
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 001B0600
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 001B1014
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 001B0804
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 001B0A08
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 001B0C0C
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 001B0E10
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 001B01F8
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00900600
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00900804
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00900A08
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 009001F8
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 009003FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1644] kernel32.dll!SetUnhandledExceptionFilter 76DEA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1644] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1660] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1796] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1796] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1796] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1796] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1796] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1796] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1796] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1796] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1796] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1796] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00110600
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00110804
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00110A08
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 001101F8
.text C:\Windows\System32\spoolsv.exe[1796] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 001103FC
.text C:\Windows\system32\ctfmon.exe[1812] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1820] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1820] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1820] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1820] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1820] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1820] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1820] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1820] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1820] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1860] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1860] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 002B0600
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 002B0804
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 002B0A08
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 002B01F8
.text C:\Windows\system32\svchost.exe[1860] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 002B03FC
.text C:\Windows\system32\svchost.exe[2060] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[2060] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 60F3FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] kernel32.dll!MapViewOfFile 76E06B10 5 Bytes JMP 611E079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] kernel32.dll!VirtualAlloc 76E0AF75 5 Bytes JMP 611E07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00170600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00170804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00170A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] GDI32.dll!CreateDIBSection 77BC7461 5 Bytes JMP 611E0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00180600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[2080] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\taskeng.exe[2108] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskeng.exe[2108] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[2108] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2108] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\taskeng.exe[2108] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\taskeng.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\taskeng.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\taskeng.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\taskeng.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\taskeng.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\taskeng.exe[2108] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\taskeng.exe[2108] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[2108] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[2108] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[2108] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[2108] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000C03FC
.text C:\Windows\System32\svchost.exe[2120] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2120] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00080600
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00081014
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00080804
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00080C0C
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00080E10
.text C:\Windows\System32\svchost.exe[2120] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2164] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2308] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2308] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2308] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2308] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ADVAPI32.dll!CreateServiceW 776A9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ADVAPI32.dll!DeleteService 776AA07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 776E6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 776E6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 776E6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 776E7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 776E71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] ADVAPI32.dll!CreateServiceA 776E72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] USER32.dll!SetWindowsHookExA 76F26322 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] USER32.dll!UnhookWindowsHookEx 76F298DB 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] USER32.dll!SetWinEventHook 76F29F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2368] USER32.dll!UnhookWinEvent 76F2C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\SearchProtocolHost.exe[2576] ntdll.dll!LdrLoadDll 779D9378 5 Bytes JMP 000401F8
.text C:\Windows\system32\SearchProtocolHost.exe[2576] ntdll.dll!LdrUnloadDll 779EB680 5 Bytes JMP 000403FC
.text C:\Windows\system32\SearchProtocolHost.exe[2576] kernel32.dll!GetBinaryTypeW + 70 76E12467 1 Byte [62]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based [email protected] 1851472433

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS029E4.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS029E5.log 131072 bytes

---- EOF - GMER 1.0.15 ----

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Blueb3325,

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • Then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double-click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop, and post aswMBR.txt in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#6
Blueb3325

    Member

  • Topic Starter
  • Member
  • 18 posts
21:52:39.0328 2068 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:52:41.0334 2068 ============================================================
21:52:41.0334 2068 Current date / time: 2012/06/22 21:52:41.0334
21:52:41.0334 2068 SystemInfo:
21:52:41.0334 2068
21:52:41.0334 2068 OS Version: 6.0.6002 ServicePack: 2.0
21:52:41.0334 2068 Product type: Workstation
21:52:41.0334 2068 ComputerName: DELL-530
21:52:41.0334 2068 UserName: Chris
21:52:41.0334 2068 Windows directory: C:\Windows
21:52:41.0334 2068 System windows directory: C:\Windows
21:52:41.0334 2068 Processor architecture: Intel x86
21:52:41.0334 2068 Number of processors: 2
21:52:41.0334 2068 Page size: 0x1000
21:52:41.0334 2068 Boot type: Normal boot
21:52:41.0334 2068 ============================================================
21:52:43.0456 2068 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:52:43.0568 2068 ============================================================
21:52:43.0568 2068 \Device\Harddisk0\DR0:
21:52:43.0601 2068 MBR partitions:
21:52:43.0601 2068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x240A5800
21:52:43.0601 2068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
21:52:43.0601 2068 ============================================================
21:52:43.0781 2068 C: <-> \Device\Harddisk0\DR0\Partition0
21:52:43.0879 2068 D: <-> \Device\Harddisk0\DR0\Partition1
21:52:43.0879 2068 ============================================================
21:52:43.0879 2068 Initialize success
21:52:43.0879 2068 ============================================================
21:52:51.0180 3324 ============================================================
21:52:51.0181 3324 Scan started
21:52:51.0181 3324 Mode: Manual; SigCheck; TDLFS;
21:52:51.0181 3324 ============================================================
21:52:52.0690 3324 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:52:52.0847 3324 !SASCORE - ok
21:52:52.0918 3324 0184651330180573mcinstcleanup - ok
21:52:52.0988 3324 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:52:53.0020 3324 ACPI - ok
21:52:53.0093 3324 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:52:53.0116 3324 AdobeARMservice - ok
21:52:53.0198 3324 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:52:53.0213 3324 AdobeFlashPlayerUpdateSvc - ok
21:52:53.0269 3324 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:52:53.0307 3324 adp94xx - ok
21:52:53.0402 3324 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:52:53.0419 3324 adpahci - ok
21:52:53.0431 3324 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:52:53.0445 3324 adpu160m - ok
21:52:53.0456 3324 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:52:53.0471 3324 adpu320 - ok
21:52:53.0511 3324 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:52:53.0663 3324 AeLookupSvc - ok
21:52:53.0725 3324 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:52:53.0773 3324 AFD - ok
21:52:53.0807 3324 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:52:53.0823 3324 agp440 - ok
21:52:53.0861 3324 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:52:53.0878 3324 aic78xx - ok
21:52:53.0888 3324 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:52:53.0930 3324 ALG - ok
21:52:53.0944 3324 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:52:53.0959 3324 aliide - ok
21:52:53.0974 3324 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:52:53.0990 3324 amdagp - ok
21:52:54.0000 3324 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:52:54.0015 3324 amdide - ok
21:52:54.0031 3324 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:52:54.0077 3324 AmdK7 - ok
21:52:54.0094 3324 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
21:52:54.0135 3324 AmdK8 - ok
21:52:54.0159 3324 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:52:54.0183 3324 Appinfo - ok
21:52:54.0406 3324 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:52:54.0421 3324 Apple Mobile Device - ok
21:52:54.0475 3324 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:52:54.0492 3324 arc - ok
21:52:54.0526 3324 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:52:54.0543 3324 arcsas - ok
21:52:54.0602 3324 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
21:52:54.0641 3324 aswFsBlk - ok
21:52:54.0705 3324 aswFW (80beddcbb4a1417cec0c78a61cac0f66) C:\Windows\system32\drivers\aswFW.sys
21:52:54.0719 3324 aswFW - ok
21:52:54.0869 3324 aswKbd (81e695913fefd4e23360a69c0f151797) C:\Windows\system32\drivers\aswKbd.sys
21:52:54.0881 3324 aswKbd - ok
21:52:54.0941 3324 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
21:52:54.0953 3324 aswMonFlt - ok
21:52:54.0981 3324 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
21:52:54.0991 3324 aswNdis - ok
21:52:55.0032 3324 aswNdis2 (72c8f79d72b4ff6e1627276ddf4b01c9) C:\Windows\system32\drivers\aswNdis2.sys
21:52:55.0047 3324 aswNdis2 - ok
21:52:55.0079 3324 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\AswRdr.sys
21:52:55.0091 3324 AswRdr - ok
21:52:55.0123 3324 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
21:52:55.0173 3324 aswSnx - ok
21:52:55.0261 3324 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
21:52:55.0353 3324 aswSP - ok
21:52:55.0387 3324 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
21:52:55.0401 3324 aswTdi - ok
21:52:55.0457 3324 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:52:55.0498 3324 AsyncMac - ok
21:52:55.0513 3324 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:52:55.0528 3324 atapi - ok
21:52:55.0553 3324 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:52:55.0600 3324 AudioEndpointBuilder - ok
21:52:55.0605 3324 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:52:55.0630 3324 Audiosrv - ok
21:52:55.0751 3324 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:52:55.0765 3324 avast! Antivirus - ok
21:52:55.0807 3324 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\AVAST Software\Avast\afwServ.exe
21:52:55.0821 3324 avast! Firewall - ok
21:52:55.0855 3324 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:52:55.0918 3324 Beep - ok
21:52:55.0965 3324 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:52:56.0003 3324 BFE - ok
21:52:56.0102 3324 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:52:56.0160 3324 BITS - ok
21:52:56.0181 3324 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:52:56.0212 3324 blbdrive - ok
21:52:56.0299 3324 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:52:56.0327 3324 Bonjour Service - ok
21:52:56.0413 3324 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:52:56.0460 3324 bowser - ok
21:52:56.0484 3324 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:52:56.0518 3324 BrFiltLo - ok
21:52:56.0533 3324 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:52:56.0574 3324 BrFiltUp - ok
21:52:56.0601 3324 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:52:56.0644 3324 Browser - ok
21:52:56.0659 3324 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:52:56.0708 3324 Brserid - ok
21:52:56.0722 3324 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:52:56.0776 3324 BrSerWdm - ok
21:52:56.0793 3324 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:52:56.0855 3324 BrUsbMdm - ok
21:52:56.0869 3324 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:52:56.0927 3324 BrUsbSer - ok
21:52:56.0944 3324 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:52:57.0000 3324 BTHMODEM - ok
21:52:57.0016 3324 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:52:57.0046 3324 cdfs - ok
21:52:57.0069 3324 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:52:57.0106 3324 cdrom - ok
21:52:57.0159 3324 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:52:57.0213 3324 CertPropSvc - ok
21:52:57.0223 3324 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:52:57.0255 3324 circlass - ok
21:52:57.0294 3324 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:52:57.0317 3324 CLFS - ok
21:52:57.0369 3324 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:57.0385 3324 clr_optimization_v2.0.50727_32 - ok
21:52:57.0440 3324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:52:57.0459 3324 clr_optimization_v4.0.30319_32 - ok
21:52:57.0470 3324 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:52:57.0485 3324 cmdide - ok
21:52:57.0492 3324 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
21:52:57.0508 3324 Compbatt - ok
21:52:57.0511 3324 COMSysApp - ok
21:52:57.0526 3324 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:52:57.0542 3324 crcdisk - ok
21:52:57.0554 3324 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:52:57.0593 3324 Crusoe - ok
21:52:57.0655 3324 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
21:52:57.0685 3324 CryptSvc - ok
21:52:57.0718 3324 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:52:57.0775 3324 DcomLaunch - ok
21:52:57.0821 3324 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:52:57.0839 3324 DfsC - ok
21:52:57.0914 3324 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:52:58.0177 3324 DFSR - ok
21:52:58.0291 3324 dg_ssudbus (f9f31a9f2a8c0dd0ceb6e380bf0985d4) C:\Windows\system32\DRIVERS\ssudbus.sys
21:52:58.0306 3324 dg_ssudbus - ok
21:52:58.0348 3324 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:52:58.0386 3324 Dhcp - ok
21:52:58.0411 3324 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:52:58.0427 3324 disk - ok
21:52:58.0470 3324 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:52:58.0499 3324 Dnscache - ok
21:52:58.0529 3324 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:52:58.0556 3324 dot3svc - ok
21:52:58.0567 3324 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:52:58.0610 3324 DPS - ok
21:52:58.0642 3324 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:52:58.0679 3324 drmkaud - ok
21:52:58.0718 3324 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:52:58.0758 3324 DXGKrnl - ok
21:52:58.0787 3324 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
21:52:58.0819 3324 e1express - ok
21:52:58.0863 3324 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:52:58.0894 3324 E1G60 - ok
21:52:58.0901 3324 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:52:58.0926 3324 EapHost - ok
21:52:58.0964 3324 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:52:58.0983 3324 Ecache - ok
21:52:59.0037 3324 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
21:52:59.0063 3324 ehRecvr - ok
21:52:59.0083 3324 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
21:52:59.0130 3324 ehSched - ok
21:52:59.0145 3324 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
21:52:59.0170 3324 ehstart - ok
21:52:59.0197 3324 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:52:59.0229 3324 elxstor - ok
21:52:59.0269 3324 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:52:59.0300 3324 EMDMgmt - ok
21:52:59.0360 3324 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:52:59.0400 3324 ErrDev - ok
21:52:59.0431 3324 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:52:59.0478 3324 EventSystem - ok
21:52:59.0515 3324 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:52:59.0542 3324 exfat - ok
21:52:59.0562 3324 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:52:59.0594 3324 fastfat - ok
21:52:59.0608 3324 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:52:59.0647 3324 fdc - ok
21:52:59.0662 3324 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:52:59.0692 3324 fdPHost - ok
21:52:59.0700 3324 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:52:59.0766 3324 FDResPub - ok
21:52:59.0801 3324 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:52:59.0817 3324 FileInfo - ok
21:52:59.0826 3324 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:52:59.0866 3324 Filetrace - ok
21:52:59.0877 3324 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:52:59.0915 3324 flpydisk - ok
21:52:59.0931 3324 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:52:59.0950 3324 FltMgr - ok
21:53:00.0016 3324 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
21:53:00.0062 3324 FontCache - ok
21:53:00.0166 3324 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:53:00.0182 3324 FontCache3.0.0.0 - ok
21:53:00.0201 3324 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
21:53:00.0233 3324 Fs_Rec - ok
21:53:00.0247 3324 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:53:00.0263 3324 gagp30kx - ok
21:53:00.0296 3324 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:53:00.0349 3324 gpsvc - ok
21:53:00.0397 3324 gttap1 (696099dee7610b726f61e26e4ec92aaf) C:\Windows\system32\DRIVERS\gttap1.sys
21:53:00.0424 3324 gttap1 - ok
21:53:00.0460 3324 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:53:00.0488 3324 HdAudAddService - ok
21:53:00.0516 3324 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:53:00.0579 3324 HDAudBus - ok
21:53:00.0618 3324 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:53:00.0681 3324 HidBth - ok
21:53:00.0696 3324 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:53:00.0746 3324 HidIr - ok
21:53:00.0761 3324 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:53:00.0790 3324 hidserv - ok
21:53:00.0809 3324 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:53:00.0827 3324 HidUsb - ok
21:53:00.0923 3324 HitmanProScheduler (da53819fbb21e6ff91d377283597a6c6) C:\Program Files\HitmanPro\hmpsched.exe
21:53:00.0935 3324 HitmanProScheduler - ok
21:53:00.0974 3324 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:53:01.0000 3324 hkmsvc - ok
21:53:01.0013 3324 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:53:01.0026 3324 HpCISSs - ok
21:53:01.0044 3324 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:53:01.0083 3324 HTTP - ok
21:53:01.0126 3324 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:53:01.0138 3324 i2omp - ok
21:53:01.0169 3324 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:53:01.0196 3324 i8042prt - ok
21:53:01.0237 3324 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:53:01.0257 3324 iaStorV - ok
21:53:01.0377 3324 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:53:01.0424 3324 idsvc - ok
21:53:01.0522 3324 igfx (63c56dac467ef814b60ff2aa2286c917) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:53:01.0580 3324 igfx - ok
21:53:01.0718 3324 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:53:01.0733 3324 iirsp - ok
21:53:01.0766 3324 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:53:01.0813 3324 IKEEXT - ok
21:53:01.0827 3324 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:53:01.0843 3324 intelide - ok
21:53:01.0873 3324 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:53:01.0916 3324 intelppm - ok
21:53:01.0924 3324 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:53:01.0965 3324 IPBusEnum - ok
21:53:01.0977 3324 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:53:02.0016 3324 IpFilterDriver - ok
21:53:02.0043 3324 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
21:53:02.0075 3324 iphlpsvc - ok
21:53:02.0078 3324 IpInIp - ok
21:53:02.0092 3324 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:53:02.0135 3324 IPMIDRV - ok
21:53:02.0154 3324 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:53:02.0184 3324 IPNAT - ok
21:53:02.0194 3324 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:53:02.0223 3324 IRENUM - ok
21:53:02.0239 3324 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:53:02.0255 3324 isapnp - ok
21:53:02.0286 3324 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:53:02.0306 3324 iScsiPrt - ok
21:53:02.0320 3324 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:53:02.0335 3324 iteatapi - ok
21:53:02.0365 3324 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:53:02.0379 3324 iteraid - ok
21:53:02.0390 3324 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:53:02.0406 3324 kbdclass - ok
21:53:02.0411 3324 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:53:02.0443 3324 kbdhid - ok
21:53:02.0466 3324 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:53:02.0497 3324 KeyIso - ok
21:53:02.0522 3324 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:53:02.0560 3324 KSecDD - ok
21:53:02.0620 3324 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:53:02.0722 3324 KtmRm - ok
21:53:02.0750 3324 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:53:02.0768 3324 LanmanServer - ok
21:53:02.0781 3324 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:53:02.0813 3324 LanmanWorkstation - ok
21:53:02.0845 3324 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:53:02.0921 3324 lltdio - ok
21:53:02.0965 3324 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:53:03.0042 3324 lltdsvc - ok
21:53:03.0073 3324 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:53:03.0162 3324 lmhosts - ok
21:53:03.0189 3324 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:53:03.0213 3324 LSI_FC - ok
21:53:03.0236 3324 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:53:03.0260 3324 LSI_SAS - ok
21:53:03.0273 3324 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:53:03.0287 3324 LSI_SCSI - ok
21:53:03.0301 3324 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:53:03.0334 3324 luafv - ok
21:53:03.0383 3324 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
21:53:03.0396 3324 MBAMProtector - ok
21:53:03.0488 3324 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:53:03.0526 3324 MBAMService - ok
21:53:03.0592 3324 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
21:53:03.0648 3324 Mcx2Svc - ok
21:53:03.0705 3324 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:53:03.0728 3324 megasas - ok
21:53:03.0774 3324 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:53:03.0802 3324 MegaSR - ok
21:53:03.0854 3324 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:53:03.0905 3324 MMCSS - ok
21:53:03.0924 3324 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:53:03.0981 3324 Modem - ok
21:53:04.0002 3324 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:53:04.0046 3324 monitor - ok
21:53:04.0072 3324 MOSUMAC (e07afaf733d3004f5dc64aa3a47700b1) C:\Windows\system32\DRIVERS\MOSUMAC.SYS
21:53:04.0094 3324 MOSUMAC - ok
21:53:04.0106 3324 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:53:04.0118 3324 mouclass - ok
21:53:04.0122 3324 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:53:04.0144 3324 mouhid - ok
21:53:04.0159 3324 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:53:04.0172 3324 MountMgr - ok
21:53:04.0243 3324 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:53:04.0277 3324 MozillaMaintenance - ok
21:53:04.0340 3324 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:53:04.0354 3324 mpio - ok
21:53:04.0370 3324 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:53:04.0417 3324 mpsdrv - ok
21:53:04.0471 3324 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:53:04.0517 3324 MpsSvc - ok
21:53:04.0569 3324 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:53:04.0584 3324 Mraid35x - ok
21:53:04.0594 3324 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:53:04.0622 3324 MRxDAV - ok
21:53:04.0641 3324 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:53:04.0658 3324 mrxsmb - ok
21:53:04.0676 3324 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:53:04.0706 3324 mrxsmb10 - ok
21:53:04.0714 3324 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:53:04.0741 3324 mrxsmb20 - ok
21:53:04.0758 3324 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:53:04.0774 3324 msahci - ok
21:53:04.0786 3324 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:53:04.0804 3324 msdsm - ok
21:53:04.0818 3324 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:53:04.0873 3324 MSDTC - ok
21:53:04.0914 3324 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:53:04.0950 3324 Msfs - ok
21:53:04.0979 3324 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:53:04.0995 3324 msisadrv - ok
21:53:05.0006 3324 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:53:05.0038 3324 MSiSCSI - ok
21:53:05.0054 3324 msiserver - ok
21:53:05.0085 3324 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:53:05.0127 3324 MSKSSRV - ok
21:53:05.0143 3324 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:53:05.0181 3324 MSPCLOCK - ok
21:53:05.0185 3324 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:53:05.0213 3324 MSPQM - ok
21:53:05.0228 3324 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:53:05.0248 3324 MsRPC - ok
21:53:05.0265 3324 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:53:05.0281 3324 mssmbios - ok
21:53:05.0286 3324 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:53:05.0314 3324 MSTEE - ok
21:53:05.0320 3324 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:53:05.0337 3324 Mup - ok
21:53:05.0369 3324 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:53:05.0419 3324 napagent - ok
21:53:05.0461 3324 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:53:05.0491 3324 NativeWifiP - ok
21:53:05.0542 3324 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:53:05.0582 3324 NDIS - ok
21:53:05.0630 3324 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:53:05.0664 3324 NdisTapi - ok
21:53:05.0676 3324 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:53:05.0705 3324 Ndisuio - ok
21:53:05.0720 3324 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:53:05.0760 3324 NdisWan - ok
21:53:05.0777 3324 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:53:05.0814 3324 NDProxy - ok
21:53:05.0820 3324 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:53:05.0849 3324 NetBIOS - ok
21:53:05.0863 3324 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:53:05.0904 3324 netbt - ok
21:53:05.0922 3324 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:53:05.0945 3324 Netlogon - ok
21:53:06.0007 3324 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:53:06.0083 3324 Netman - ok
21:53:06.0108 3324 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:53:06.0162 3324 netprofm - ok
21:53:06.0279 3324 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:53:06.0312 3324 NetTcpPortSharing - ok
21:53:06.0342 3324 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:53:06.0376 3324 nfrd960 - ok
21:53:06.0394 3324 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:53:06.0460 3324 NlaSvc - ok
21:53:18.0805 3324 ============================================================
21:53:18.0805 3324 Scan finished
21:53:18.0805 3324 ============================================================
21:53:18.0813 4252 Detected object count: 0
21:53:18.0813 4252 Actual detected object count: 0
  • 0

#7
Blueb3325

Blueb3325

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 21:55:52
-----------------------------
21:55:52.998 OS Version: Windows 6.0.6002 Service Pack 2
21:55:52.998 Number of processors: 2 586 0xF0B
21:55:53.000 ComputerName: DELL-530 UserName: Chris
21:55:56.133 Initialize success
21:55:56.234 AVAST engine defs: 12062201
21:56:06.605 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:56:06.610 Disk 0 Vendor: ST3320613AS DE11 Size: 305245MB BusType: 3
21:56:06.709 Disk 0 MBR read successfully
21:56:06.711 Disk 0 MBR scan
21:56:06.714 Disk 0 Windows VISTA default MBR code
21:56:06.775 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 295243 MB offset 2048
21:56:06.845 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
21:56:07.027 Disk 0 scanning sectors +625139712
21:56:07.452 Disk 0 scanning C:\Windows\system32\drivers
21:57:03.525 Service scanning
21:57:19.774 Modules scanning
21:58:01.298 Disk 0 trace - called modules:
21:58:01.348 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys igdkmd32.sys tcpip.sys NETIO.SYS intelppm.sys
21:58:01.678 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86215ac8]
21:58:01.682 3 CLASSPNP.SYS[8abab8b3] -> nt!IofCallDriver -> [0x84f8d4c8]
21:58:01.687 5 acpi.sys[82a926bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85989b98]
21:58:03.097 AVAST engine scan C:\Windows
21:58:28.716 AVAST engine scan C:\Windows\system32
22:01:00.492 AVAST engine scan C:\Windows\system32\drivers
22:01:10.502 AVAST engine scan C:\Users\Chris
22:06:33.522 AVAST engine scan C:\ProgramData
22:12:17.000 Scan finished successfully
22:23:19.820 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
22:23:19.826 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Do you still have problems?
  • 0

#9
Blueb3325

Blueb3325

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
still keeps freezing every now and then

my logs okay?
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I don't see any malware on your system now. Let's try to repair the system. There are no logs for you to post after these steps, but let me know how your system is after them.

Step 1

We are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt, type sfc /scannow. Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:
  • My Computer
  • Tools
  • Folder Options
  • View
  • "Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise enter the Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
  • My Computer
  • Tools
  • Folder Options
  • View
  • "Check" Hide protected operating system files.

Step 2

  • Go to Start -> My Computer
  • Right click on the C: disk and click on Properties
  • Click on the Tools tab and click on the Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click the Start button
  • Confirm scheduling the disk check for the next time the computer starts with the Yes button
  • Restart your system and wait while system checks your disk for errors

  • 0

#11
Blueb3325

Blueb3325

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I have Vista not XP, do I still do the same?
I typed sfc /scannow in and a box flashed up for a split second but nothing happened?

thanks

Edited by Blueb3325, 24 June 2012 - 04:22 PM.

  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Do Step 2. We will come back to sfc /scannow later.
  • 0

#13
Blueb3325

Blueb3325

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
done :)
  • 0

#14
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try sfc /scannow again.

  • Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:

    sfc /scannow

If you get any error messages, please write them down for me.
  • 0
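
An added example, not part of the original posts: a batch script that runs the sfc /scannow step from the post above, refuses to run without administrator rights, keeps the window open, and saves sfc's own log entries so error messages can be copied rather than written down by hand. The report path on the desktop and the `net session` elevation test are assumptions of this example; the `[SR]` filter on CBS.log is the method Microsoft documents for Vista and later.

```batch
@echo off
rem Added example: run System File Checker and keep its results for a reply.
setlocal

rem sfc only scans from an administrator console. "net session" returns a
rem non-zero exit code in a non-elevated prompt, so it is used here as a
rem common elevation test (assumption: the Server service is running).
net session >nul 2>&1
if errorlevel 1 (
    echo This prompt is not elevated.
    echo Right-click Command Prompt, choose "Run as administrator", and run this script again.
    pause
    exit /b 1
)

rem Assumed output location: the current user's desktop.
set "REPORT=%USERPROFILE%\Desktop\sfcdetails.txt"

rem Run the scan. Progress is printed in this window.
sfc /scannow

rem On Vista and later, sfc writes its details to CBS.log and tags its own
rem entries with [SR]. Copy only those entries into the report.
findstr /c:"[SR]" "%windir%\Logs\CBS\CBS.log" > "%REPORT%"

rem Show the entries for files sfc could not fix; these are the lines worth posting.
findstr /i /c:"cannot repair" "%REPORT%"
if errorlevel 1 (
    echo No "cannot repair" entries were found.
) else (
    echo The lines above are files sfc could not repair.
)
echo Full sfc details were saved to "%REPORT%"

rem Keep the window open so the result can be read before it closes.
pause
endlocal
```

A console started from the Run box closes as soon as sfc exits, which is why the script ends with `pause` and is meant to be started from an elevated Command Prompt.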

#15
Blueb3325

Blueb3325

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
okay will do
having difficulty on the net, firefox is not responding all the time now
and when the computer boots up and gets to windows screen it freezes and when I click on an icon my computer beeps
  • 0





