multiple and frequent crashes forcing PC to reboot [Solved]



#1
OGdexter

It happened again while I was attempting to post this topic. I'll post the log ASAP right now so it goes up. (From here on is an edit after I posted the log; I was afraid it would crash again before I could try a description of the problems.) The paid AV Bitdefender system scan shows nothing; the vulnerability scan shows Java SE runtime and Adobe ActiveX for IE and "other browsers" is out of date. Also, I don't know what to download to remedy that situation.

 

  OTL logfile created on: 8/10/2014 5:55:23 PM - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.40% Memory free
8.00 Gb Paging File | 6.22 Gb Available in Paging File | 77.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.41 Gb Total Space | 855.86 Gb Free Space | 93.90% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/30 21:48:58 | 000,728,328 | ---- | M] (DEVGURU Co., LTD.) -- C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
PRC - [2013/08/06 17:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 17:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/17 22:29:26 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2014/04/17 18:29:24 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014/03/30 21:48:58 | 000,728,328 | ---- | M] (DEVGURU Co., LTD.) [Auto | Running] -- C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe -- (ss_conn_service)
SRV:64bit: - [2013/11/21 19:31:14 | 000,069,392 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013/11/21 19:30:57 | 001,645,256 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013/08/28 17:38:48 | 000,067,320 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/25 18:45:56 | 000,095,184 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/20 18:38:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/08 19:33:48 | 000,807,800 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/10 17:50:16 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2014/04/17 19:36:46 | 015,376,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/04/17 18:07:06 | 000,638,976 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/03/30 21:49:00 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/03/30 21:49:00 | 000,109,056 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014/02/11 17:36:52 | 000,059,616 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.3)
DRV:64bit: - [2014/01/19 08:50:44 | 000,893,440 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2014/01/19 08:50:44 | 000,635,392 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013/12/19 09:45:50 | 000,094,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/11/21 19:31:19 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013/10/03 04:53:40 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/10/03 04:53:13 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/02/22 19:46:52 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/11/02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/04/17 14:34:26 | 000,076,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 20:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/23 15:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [1999/12/31 17:00:00 | 000,553,576 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 89 03 F9 7B 02 CE 01  [binary data]
IE - HKCU\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.4\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {7AEB97BD-0E63-403C-A50D-3AE16386AF3D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{7AEB97BD-0E63-403C-A50D-3AE16386AF3D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{FEE9D4FF-C232-4B04-91E0-E5B0D7ACB3BA}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013/05/24 05:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/05/24 05:59:31 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Brushed = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: WOT = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.16_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Slick Savings = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.4\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.4\vuzeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{052A08B1-2B48-4FF3-BBC4-D63ED6918D5C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/10 17:27:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7455AE82-5C55-4CDF-9C91-6857073BB213}
[2014/08/09 06:22:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FBC02BDF-DC4A-4D9A-BCCE-7D6DAC986F30}
[2014/08/09 05:57:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{062B2FD8-3942-4D97-A562-B4A9AEA409EE}
[2014/08/08 17:11:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3B3565EB-9C29-4C64-A887-73CFC7E30B04}
[2014/08/07 19:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/08/07 19:21:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/08/07 19:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/08/07 19:21:13 | 002,162,992 | ---- | C] (Yamaha Corporation) -- C:\Windows\SysNative\YamahaAE.dll
[2014/08/07 19:21:13 | 002,101,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/08/07 19:21:13 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2014/08/07 19:21:13 | 000,871,856 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tossaeapo64.dll
[2014/08/07 19:21:13 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2014/08/07 19:21:13 | 000,582,056 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosasfapo64.dll
[2014/08/07 19:21:13 | 000,162,224 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\toseaeapo64.dll
[2014/08/07 19:21:13 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2014/08/07 19:21:13 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2014/08/07 19:21:12 | 001,048,824 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/08/07 19:21:12 | 000,947,760 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/08/07 19:21:12 | 000,889,592 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/08/07 19:21:12 | 000,724,728 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/08/07 19:21:12 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/08/07 19:21:12 | 000,246,008 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/08/07 19:21:12 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/08/07 19:21:12 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/08/07 19:21:12 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/08/07 19:21:12 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/08/07 19:21:12 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/08/07 19:21:12 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/08/07 19:21:11 | 002,834,648 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/08/07 19:21:11 | 001,959,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/08/07 19:21:11 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/08/07 19:21:11 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/08/07 19:21:10 | 001,022,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/08/07 19:21:10 | 000,628,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2014/08/07 19:21:10 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/08/07 19:21:10 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/08/07 19:21:10 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/08/07 19:21:10 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/08/07 19:21:10 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/08/07 19:21:10 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2014/08/07 19:21:09 | 002,800,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RltkAPO64.dll
[2014/08/07 19:21:09 | 001,286,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/08/07 19:21:09 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/08/07 19:21:09 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/08/07 19:21:08 | 060,955,136 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/08/07 19:21:08 | 000,948,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2014/08/07 19:21:06 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/08/07 19:21:06 | 005,751,048 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2014/08/07 19:21:06 | 000,942,384 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOSettingsIPC.dll
[2014/08/07 19:21:06 | 000,906,800 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\MISS_APO.dll
[2014/08/07 19:21:06 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/08/07 19:21:06 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/08/07 19:21:06 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/08/07 19:21:06 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/08/07 19:21:04 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/08/07 19:21:03 | 012,894,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll
[2014/08/07 19:21:03 | 001,313,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/08/07 19:21:03 | 000,956,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/08/07 19:21:02 | 003,959,384 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnN64.dll
[2014/08/07 19:21:00 | 028,343,384 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2014/08/07 19:20:59 | 014,863,448 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/08/07 19:20:58 | 002,041,432 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/08/07 19:20:58 | 001,934,424 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2014/08/07 19:20:57 | 001,317,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll
[2014/08/07 19:20:57 | 001,063,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/08/07 19:20:57 | 000,900,696 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysWow64\MaxxAudioAPOShell.dll
[2014/08/07 19:20:56 | 001,168,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/08/07 19:20:56 | 001,136,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/08/07 19:20:55 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/08/07 19:20:54 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/08/07 19:20:54 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/08/07 19:20:54 | 000,291,488 | ---- | C] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll
[2014/08/07 19:20:45 | 002,770,976 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/08/07 19:20:45 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/08/07 19:20:45 | 000,501,184 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/08/07 19:20:45 | 000,487,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/08/07 19:20:45 | 000,415,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/08/07 19:20:44 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/08/07 19:20:44 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/08/07 19:20:44 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/08/07 19:20:44 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/08/07 19:20:43 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/08/07 19:20:43 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/08/07 19:20:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/08/07 19:20:43 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/08/07 19:20:43 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/08/07 19:20:42 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/08/07 19:20:42 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/08/07 19:20:40 | 006,218,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/08/07 19:20:40 | 001,939,800 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/08/07 19:20:40 | 000,315,736 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/08/07 19:20:40 | 000,261,464 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/08/07 19:20:39 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/08/07 19:20:37 | 000,209,096 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/08/07 19:20:37 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/08/07 19:14:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
[2014/08/07 19:14:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\library_dir
[2014/08/07 19:12:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Raptr
[2014/08/07 19:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2014/08/07 19:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/08/07 19:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/08/07 19:10:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/08/07 19:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/08/07 19:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/08/07 18:05:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D7C5C2E4-7D0D-4B75-ABDB-23AC8B68CE17}
[2014/08/06 16:10:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A4B1873A-B333-4424-BF5B-930D3D1E22BC}
[2014/08/05 19:27:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{42DEDB8E-D253-4525-9105-03BA57D4EC6C}
[2014/08/03 07:15:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2DCE4164-D59B-4897-A64A-EBA1A275214F}
[2014/08/02 08:57:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B5FCFB63-56B6-4055-A819-06D05B8211E8}
[2014/07/31 16:48:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D772056B-D4E1-4367-9E36-FCE4778AEFE1}
[2014/07/30 16:32:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5FA84AB7-EDD1-4228-B773-9BA86D41B6EA}
[2014/07/29 05:42:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B1CE4F33-64A3-4511-B9DE-2A8BB45FFCDF}
[2014/07/27 05:30:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{314CC846-3A6A-4BCA-9531-F714DEC87634}
[2014/07/26 07:56:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DAB23E6B-9817-44D9-9533-BD1CF0818DDC}
[2014/07/25 17:53:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D4308F4C-5292-4A91-B898-8D3DD2AF7F5F}
[2014/07/24 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B5A264B6-2C2F-4801-B261-D94ED3E9187A}
[2014/07/23 17:29:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EEC37981-7B5C-4964-ACB1-05AED6B37EF2}
[2014/07/21 16:49:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C0D918D5-0D50-46B9-A07B-2F26707D3DDC}
[2014/07/20 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1E7DE542-EC06-4585-8A56-B9B1DA3E3518}
[2014/07/20 06:18:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E099090A-8E29-45CD-A2E8-6CF239FC920D}
[2014/07/19 17:30:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{503BCD6A-03D6-45AD-B7FD-E49B0BC53648}
[2014/07/19 05:21:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7734B033-5837-4512-A046-E4EAA968E1C1}
[2014/07/17 20:09:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C3B0386B-0306-4A8A-B577-B097BAC6570C}
[2014/07/17 05:49:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{85A5D427-CB49-4014-98A6-2860EBA5CF45}
[2014/07/14 17:14:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5373D0B6-0E12-4CEF-BFD2-D2C336B2A090}
[2014/07/13 18:44:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A58361DD-604D-4652-ADB8-AFE9F92A979D}
[2014/07/13 06:42:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3F926362-522E-4D7B-A512-E6A4E57C7066}
[2014/07/11 19:17:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C30B5456-B8AF-4265-9C88-4F9C88FD71BD}
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/10 17:56:36 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/10 17:56:36 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/10 17:55:03 | 000,001,412 | ---- | M] () -- C:\Users\Owner\Desktop\TFC - Shortcut.lnk
[2014/08/10 17:54:24 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2014/08/10 17:54:24 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\FixCleaner Startup.job
[2014/08/10 17:50:16 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2014/08/10 17:50:08 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/10 17:48:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/10 17:48:29 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/10 17:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/09 23:48:29 | 000,000,501 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2014/08/09 23:09:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/09 12:00:00 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\FixCleaner Scan.job
[2014/07/19 05:32:28 | 001,958,161 | ---- | M] () -- C:\Users\Owner\Documents\GMC stereo sheets.pdf
 
========== Files Created - No Company Name ==========
 
[2014/08/10 17:55:03 | 000,001,412 | ---- | C] () -- C:\Users\Owner\Desktop\TFC - Shortcut.lnk
[2014/08/07 19:21:13 | 002,117,424 | ---- | C] () -- C:\Windows\SysNative\SStudio.dll
[2014/08/07 19:21:11 | 005,804,772 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/08/07 19:21:09 | 001,057,494 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/08/07 19:20:37 | 000,033,592 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/08/07 19:20:36 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/07/19 05:32:27 | 001,958,161 | ---- | C] () -- C:\Users\Owner\Documents\GMC stereo sheets.pdf
[2014/04/17 22:28:30 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/11/10 17:10:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/05/24 06:10:11 | 000,653,810 | ---- | C] () -- C:\ProgramData\1369399563.bdinstall.bin
[2013/05/24 05:43:46 | 000,220,494 | ---- | C] () -- C:\ProgramData\1369399262.bdinstall.bin
[2013/03/28 19:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 19:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012/10/17 19:17:35 | 000,465,351 | ---- | C] () -- C:\ProgramData\1350526422.bdinstall.bin
[2012/10/17 19:12:45 | 000,220,061 | ---- | C] () -- C:\ProgramData\1350526211.bdinstall.bin
[2012/10/17 19:03:49 | 000,455,631 | ---- | C] () -- C:\ProgramData\1350525423.bdinstall.bin
[2012/10/16 15:29:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/16 14:41:39 | 000,030,230 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/10/16 14:40:49 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/16 14:40:39 | 000,022,387 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >

Edited by OGdexter, 10 August 2014 - 07:29 PM.

#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I've spotted signs of a P2P program installed on your machine. Vuze

Be warned:

P2P programs, although legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords and private or financial data were exposed to a file-sharing network because of bad P2P configuration.

I'm rather sure that if you continue using P2P, you'll often be visiting our Malware Removal Forum.

Further, I cannot help you with your current problem with P2P installed on your computer. Please remove Vuze - do it from the Control Panel > Add/Remove Programs.

 

Next, once Vuze is removed, please run the following scan.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.

#3
OGdexter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts

Ok, done as instructed above.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014 01
Ran by Owner at 2014-08-13 16:39:47
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Bitdefender Total Security 2013 (HKLM\...\Bitdefender) (Version: 16.29.0.1830 - Bitdefender)
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.2.0.1 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.3.0.11 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.2.0.11 - )
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MF Toolbox 4.9.1.1.mf12 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf12 - CANON INC.)
Canon MF3010 (HKLM\...\{A97F4E18-3053-4652-B763-9A40AE2B1EE5}) (Version: 3.9.0.0 - CANON INC.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.3.0.19 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.6.0.9 - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.4.18 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
FixCleaner (HKLM-x32\...\{76B0EC2C-CB14-422D-AD07-BDAEC0D1BEEB}) (Version: 2.0.5013 - Slimware Utilities, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Word 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.42.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
10-07-2014 03:17:19 Windows Update
25-07-2014 00:20:22 Windows Update
08-08-2014 01:48:52 DriverUpdate Installing Drivers
08-08-2014 02:08:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
13-08-2014 23:33:33 Removed Vuze Remote Toolbar v7.4.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F8C5936-F595-44FE-8B54-024849771CBE} - System32\Tasks\FixCleaner Startup => C:\Program Files (x86)\FixCleaner\FixCleaner.exe [2013-09-11] (Slimware Utilities, Inc.)
Task: {1BA555D2-4673-444B-BFBA-885D8061DFD3} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)
Task: {2D37676F-EB45-417B-B275-E082932980BB} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {55F4B128-9ED7-446C-A98F-51DE7A9307A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {63C9824E-C9AC-43CB-9620-04111D553273} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8EE67266-CEDB-4C4C-BF87-6E72B5522A19} - System32\Tasks\FixCleaner Scan => C:\Program Files (x86)\FixCleaner\FixCleaner.exe [2013-09-11] (Slimware Utilities, Inc.)
Task: {F3D9D7C9-D2B5-4512-8A6C-B363426AC1DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: {F4A8CF03-55D5-4526-A49F-13F5ADFF60AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\FixCleaner Scan.job => C:\Program Files (x86)\FixCleaner\FixCleaner.exe
Task: C:\Windows\Tasks\FixCleaner Startup.job => C:\Program Files (x86)\FixCleaner\FixCleaner.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-28 17:38 - 2013-08-28 17:38 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-08-28 17:38 - 2013-08-28 17:38 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2013-05-24 05:59 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2013-05-24 05:59 - 2013-08-28 17:37 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2014-07-24 17:24 - 2014-07-24 17:24 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttpbr.mdl
2014-07-24 17:24 - 2014-07-24 17:24 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttpdsp.mdl
2014-07-24 17:24 - 2014-07-24 17:24 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttpph.mdl
2014-07-24 17:24 - 2014-07-24 17:24 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttprbl.mdl
2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-05-24 05:59 - 2012-06-21 14:01 - 01117480 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 17:05 - 2013-11-20 17:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 17:56 - 2014-06-17 17:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (10).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (11).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (12).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (13).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (14).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (15).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (16).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (17).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (18).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (19).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (2).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (3).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (4).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (5).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (6).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (7).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (8).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (9).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\chromeinstall-7u60.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DriverUpdate-setup (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DriverUpdate-setup (2).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DriverUpdate-setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\family_tree_builder_7128.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\FixCleanerSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\fsbl2.2.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\GoogleEarthPluginSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\jre-8u11-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\mbam-clean-1.60.2.0003.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\mbam-setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\md5sum.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\NetStumblerInstaller_0_4_0.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.42.0.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\Support-LogMeInRescue (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\TFC.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\unetbootin-windows-506.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\Universal-USB-Installer-1.9.3.9.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\VuzeBittorrentClientInstaller.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\Windows7UpgradeAdvisorSetup.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Application Updater => 2
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2014 07:11:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (08/10/2014 07:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Exception code: 0xc0000005
Fault offset: 0x00001fc9
Faulting process id: 0x988
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
 
Error: (08/10/2014 05:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Exception code: 0xc0000005
Fault offset: 0x00001fc9
Faulting process id: 0x99c
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
 
Error: (08/09/2014 08:08:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Exception code: 0xc0000005
Fault offset: 0x00001fc9
Faulting process id: 0x8f8
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
 
Error: (08/05/2014 07:35:34 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/28/2014 05:11:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/20/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/13/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/06/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/01/2014 06:55:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
 
System errors:
=============
Error: (08/12/2014 06:05:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
 
Error: (08/10/2014 07:01:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/10/2014 07:01:20 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 20) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Component: AMD Northbridge
Error Source: 3
Error Type: 7
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (08/10/2014 07:11:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (08/10/2014 07:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CALMAIN.exe8.2.0.1442b232eCALMAIN.exe8.2.0.1442b232ec000000500001fc998801cfb50820fb7217C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exe636d1ee3-20fb-11e4-a733-bcaec5aecbad
 
Error: (08/10/2014 05:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CALMAIN.exe8.2.0.1442b232eCALMAIN.exe8.2.0.1442b232ec000000500001fc999c01cfb4fe1ad351c9C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exe5c653d3b-20f1-11e4-b462-bcaec5aecbad
 
Error: (08/09/2014 08:08:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CALMAIN.exe8.2.0.1442b232eCALMAIN.exe8.2.0.1442b232ec000000500001fc98f801cfb3e3b61bd574C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exef9106def-1fd6-11e4-a98c-bcaec5aecbad
 
Error: (08/05/2014 07:35:34 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/28/2014 05:11:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/20/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/13/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/06/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/01/2014 06:55:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-01-29 18:57:19.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 18:50:21.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 16:27:00.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 05:35:14.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 05:19:41.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 18:07:19.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 17:55:26.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 17:44:41.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00174_014\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 05:58:39.887
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00174_014\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-27 10:52:40.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00174_014\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 42%
Total physical RAM: 4095.18 MB
Available physical RAM: 2347.86 MB
Total Pagefile: 8188.53 MB
Available Pagefile: 5852.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:911.41 GB) (Free:858.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3CBA6E7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=05)
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014 01
Ran by Owner at 2014-08-13 16:39:47
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Bitdefender Total Security 2013 (HKLM\...\Bitdefender) (Version: 16.29.0.1830 - Bitdefender)
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.2.0.1 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.3.0.11 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.2.0.11 - )
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MF Toolbox 4.9.1.1.mf12 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf12 - CANON INC.)
Canon MF3010 (HKLM\...\{A97F4E18-3053-4652-B763-9A40AE2B1EE5}) (Version: 3.9.0.0 - CANON INC.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.3.0.19 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.6.0.9 - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.4.18 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
FixCleaner (HKLM-x32\...\{76B0EC2C-CB14-422D-AD07-BDAEC0D1BEEB}) (Version: 2.0.5013 - Slimware Utilities, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Word 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.42.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
10-07-2014 03:17:19 Windows Update
25-07-2014 00:20:22 Windows Update
08-08-2014 01:48:52 DriverUpdate Installing Drivers
08-08-2014 02:08:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
13-08-2014 23:33:33 Removed Vuze Remote Toolbar v7.4.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F8C5936-F595-44FE-8B54-024849771CBE} - System32\Tasks\FixCleaner Startup => C:\Program Files (x86)\FixCleaner\FixCleaner.exe [2013-09-11] (Slimware Utilities, Inc.)
Task: {1BA555D2-4673-444B-BFBA-885D8061DFD3} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)
Task: {2D37676F-EB45-417B-B275-E082932980BB} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {55F4B128-9ED7-446C-A98F-51DE7A9307A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {63C9824E-C9AC-43CB-9620-04111D553273} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8EE67266-CEDB-4C4C-BF87-6E72B5522A19} - System32\Tasks\FixCleaner Scan => C:\Program Files (x86)\FixCleaner\FixCleaner.exe [2013-09-11] (Slimware Utilities, Inc.)
Task: {F3D9D7C9-D2B5-4512-8A6C-B363426AC1DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: {F4A8CF03-55D5-4526-A49F-13F5ADFF60AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\FixCleaner Scan.job => C:\Program Files (x86)\FixCleaner\FixCleaner.exe
Task: C:\Windows\Tasks\FixCleaner Startup.job => C:\Program Files (x86)\FixCleaner\FixCleaner.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-28 17:38 - 2013-08-28 17:38 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-08-28 17:38 - 2013-08-28 17:38 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2013-05-24 05:59 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2013-05-24 05:59 - 2013-08-28 17:37 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2014-07-24 17:24 - 2014-07-24 17:24 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttpbr.mdl
2014-07-24 17:24 - 2014-07-24 17:24 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttpdsp.mdl
2014-07-24 17:24 - 2014-07-24 17:24 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttpph.mdl
2014-07-24 17:24 - 2014-07-24 17:24 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttprbl.mdl
2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-05-24 05:59 - 2012-06-21 14:01 - 01117480 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 17:05 - 2013-11-20 17:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 17:56 - 2014-06-17 17:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (10).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (11).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (12).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (13).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (14).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (15).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (16).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (17).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (18).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (19).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (2).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (3).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (4).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (5).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (6).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (7).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (8).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (9).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\chromeinstall-7u60.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DriverUpdate-setup (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DriverUpdate-setup (2).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DriverUpdate-setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\family_tree_builder_7128.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\FixCleanerSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\fsbl2.2.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\GoogleEarthPluginSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\jre-8u11-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\mbam-clean-1.60.2.0003.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\mbam-setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\md5sum.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\NetStumblerInstaller_0_4_0.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.42.0.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\Support-LogMeInRescue (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\TFC.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\unetbootin-windows-506.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\Universal-USB-Installer-1.9.3.9.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\VuzeBittorrentClientInstaller.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\Windows7UpgradeAdvisorSetup.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Application Updater => 2
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2014 07:11:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (08/10/2014 07:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Exception code: 0xc0000005
Fault offset: 0x00001fc9
Faulting process id: 0x988
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
 
Error: (08/10/2014 05:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Exception code: 0xc0000005
Fault offset: 0x00001fc9
Faulting process id: 0x99c
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
 
Error: (08/09/2014 08:08:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Exception code: 0xc0000005
Fault offset: 0x00001fc9
Faulting process id: 0x8f8
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
 
Error: (08/05/2014 07:35:34 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/28/2014 05:11:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/20/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/13/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/06/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/01/2014 06:55:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
 
System errors:
=============
Error: (08/12/2014 06:05:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
 
Error: (08/10/2014 07:01:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/10/2014 07:01:20 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 20) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Component: AMD Northbridge
Error Source: 3
Error Type: 7
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (08/10/2014 07:11:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (08/10/2014 07:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CALMAIN.exe8.2.0.1442b232eCALMAIN.exe8.2.0.1442b232ec000000500001fc998801cfb50820fb7217C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exe636d1ee3-20fb-11e4-a733-bcaec5aecbad
 
Error: (08/10/2014 05:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CALMAIN.exe8.2.0.1442b232eCALMAIN.exe8.2.0.1442b232ec000000500001fc999c01cfb4fe1ad351c9C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exe5c653d3b-20f1-11e4-b462-bcaec5aecbad
 
Error: (08/09/2014 08:08:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CALMAIN.exe8.2.0.1442b232eCALMAIN.exe8.2.0.1442b232ec000000500001fc98f801cfb3e3b61bd574C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exef9106def-1fd6-11e4-a98c-bcaec5aecbad
 
Error: (08/05/2014 07:35:34 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/28/2014 05:11:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/20/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/13/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/06/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/01/2014 06:55:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-01-29 18:57:19.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 18:50:21.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 16:27:00.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 05:35:14.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 05:19:41.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 18:07:19.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 17:55:26.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 17:44:41.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00174_014\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 05:58:39.887
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00174_014\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-27 10:52:40.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00174_014\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 42%
Total physical RAM: 4095.18 MB
Available physical RAM: 2347.86 MB
Total Pagefile: 8188.53 MB
Available Pagefile: 5852.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:911.41 GB) (Free:858.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3CBA6E7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=05)
 
==================== End Of Log ============================


#4
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

:)  Unfortunately, you've got the Addition.txt in twice and are missing the FRST.txt output.

 

Would you locate the FRST.txt file and post it for me please? :)



#5
OGdexter


    Member

  • Topic Starter
  • 85 posts

OKey Dokey..(sorry)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014 01
Ran by Owner at 2014-08-13 16:39:47
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Bitdefender Total Security 2013 (HKLM\...\Bitdefender) (Version: 16.29.0.1830 - Bitdefender)
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.2.0.1 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.3.0.11 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.2.0.11 - )
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MF Toolbox 4.9.1.1.mf12 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf12 - CANON INC.)
Canon MF3010 (HKLM\...\{A97F4E18-3053-4652-B763-9A40AE2B1EE5}) (Version: 3.9.0.0 - CANON INC.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.3.0.19 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.6.0.9 - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.4.18 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
FixCleaner (HKLM-x32\...\{76B0EC2C-CB14-422D-AD07-BDAEC0D1BEEB}) (Version: 2.0.5013 - Slimware Utilities, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Word 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.42.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
10-07-2014 03:17:19 Windows Update
25-07-2014 00:20:22 Windows Update
08-08-2014 01:48:52 DriverUpdate Installing Drivers
08-08-2014 02:08:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
13-08-2014 23:33:33 Removed Vuze Remote Toolbar v7.4.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F8C5936-F595-44FE-8B54-024849771CBE} - System32\Tasks\FixCleaner Startup => C:\Program Files (x86)\FixCleaner\FixCleaner.exe [2013-09-11] (Slimware Utilities, Inc.)
Task: {1BA555D2-4673-444B-BFBA-885D8061DFD3} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)
Task: {2D37676F-EB45-417B-B275-E082932980BB} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {55F4B128-9ED7-446C-A98F-51DE7A9307A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {63C9824E-C9AC-43CB-9620-04111D553273} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8EE67266-CEDB-4C4C-BF87-6E72B5522A19} - System32\Tasks\FixCleaner Scan => C:\Program Files (x86)\FixCleaner\FixCleaner.exe [2013-09-11] (Slimware Utilities, Inc.)
Task: {F3D9D7C9-D2B5-4512-8A6C-B363426AC1DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: {F4A8CF03-55D5-4526-A49F-13F5ADFF60AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\FixCleaner Scan.job => C:\Program Files (x86)\FixCleaner\FixCleaner.exe
Task: C:\Windows\Tasks\FixCleaner Startup.job => C:\Program Files (x86)\FixCleaner\FixCleaner.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-28 17:38 - 2013-08-28 17:38 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-08-28 17:38 - 2013-08-28 17:38 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2013-05-24 05:59 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2013-05-24 05:59 - 2013-08-28 17:37 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2014-07-24 17:24 - 2014-07-24 17:24 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttpbr.mdl
2014-07-24 17:24 - 2014-07-24 17:24 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttpdsp.mdl
2014-07-24 17:24 - 2014-07-24 17:24 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttpph.mdl
2014-07-24 17:24 - 2014-07-24 17:24 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00047_023\ashttprbl.mdl
2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-05-24 05:59 - 2012-06-21 14:01 - 01117480 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 17:05 - 2013-11-20 17:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 17:56 - 2014-06-17 17:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 06:15 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (10).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (11).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (12).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (13).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (14).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (15).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (16).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (17).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (18).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (19).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (2).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (3).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (4).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (5).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (6).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (7).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (8).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader (9).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\amddriverdownloader.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\chromeinstall-7u51.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\chromeinstall-7u60.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DriverUpdate-setup (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DriverUpdate-setup (2).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DriverUpdate-setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\family_tree_builder_7128.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\FixCleanerSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\fsbl2.2.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\GoogleEarthPluginSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\jre-8u11-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\mbam-clean-1.60.2.0003.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\mbam-setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\md5sum.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\NetStumblerInstaller_0_4_0.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.42.0.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\Support-LogMeInRescue (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\TFC.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\unetbootin-windows-506.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\Universal-USB-Installer-1.9.3.9.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\VuzeBittorrentClientInstaller.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\Windows7UpgradeAdvisorSetup.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Application Updater => 2
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2014 07:11:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (08/10/2014 07:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Exception code: 0xc0000005
Fault offset: 0x00001fc9
Faulting process id: 0x988
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
 
Error: (08/10/2014 05:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Exception code: 0xc0000005
Fault offset: 0x00001fc9
Faulting process id: 0x99c
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
 
Error: (08/09/2014 08:08:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Exception code: 0xc0000005
Fault offset: 0x00001fc9
Faulting process id: 0x8f8
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3
 
Error: (08/05/2014 07:35:34 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/28/2014 05:11:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/20/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/13/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/06/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/01/2014 06:55:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
 
System errors:
=============
Error: (08/12/2014 06:05:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
 
Error: (08/10/2014 07:01:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Canon Camera Access Library 8 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/10/2014 07:01:20 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 20) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Component: AMD Northbridge
Error Source: 3
Error Type: 7
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/10/2014 06:56:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (08/10/2014 07:11:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (08/10/2014 07:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CALMAIN.exe8.2.0.1442b232eCALMAIN.exe8.2.0.1442b232ec000000500001fc998801cfb50820fb7217C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exe636d1ee3-20fb-11e4-a733-bcaec5aecbad
 
Error: (08/10/2014 05:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CALMAIN.exe8.2.0.1442b232eCALMAIN.exe8.2.0.1442b232ec000000500001fc999c01cfb4fe1ad351c9C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exe5c653d3b-20f1-11e4-b462-bcaec5aecbad
 
Error: (08/09/2014 08:08:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CALMAIN.exe8.2.0.1442b232eCALMAIN.exe8.2.0.1442b232ec000000500001fc98f801cfb3e3b61bd574C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exef9106def-1fd6-11e4-a98c-bcaec5aecbad
 
Error: (08/05/2014 07:35:34 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/28/2014 05:11:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/20/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/13/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/06/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/01/2014 06:55:30 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-01-29 18:57:19.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 18:50:21.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 16:27:00.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 05:35:14.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-29 05:19:41.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 18:07:19.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 17:55:26.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_015\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 17:44:41.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00174_014\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-28 05:58:39.887
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00174_014\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-01-27 10:52:40.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00174_014\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 42%
Total physical RAM: 4095.18 MB
Available physical RAM: 2347.86 MB
Total Pagefile: 8188.53 MB
Available Pagefile: 5852.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:911.41 GB) (Free:858.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3CBA6E7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=05)
 
==================== End Of Log ============================


#6
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Unfortunately, you posted Addition.txt again. I need frst.txt :)

 

Third time's the charm :yes:



#7
OGdexter

    Member

  • Topic Starter
  • 85 posts

arrgh, for some reason the frst.txt and addition.txt saved to desktop are the same thing? 

 

Ran FRST again this morning 8-16-2014 without checking addition, here it is

 

WTH is Raptor?

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Owner (administrator) on OWNER-PC on 16-08-2014 08:04:43
Running from C:\Users\Owner\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Slimware Utilities, Inc.) C:\Program Files (x86)\FixCleaner\FixCleaner.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1571072 2013-11-21] (Bitdefender)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1458884842-1907561465-2693528813-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-07-30] (Raptr, Inc)
HKU\S-1-5-21-1458884842-1907561465-2693528813-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1458884842-1907561465-2693528813-1000\...\Policies\Explorer: [NoThumbnailCache] 1
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF08903F97B02CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {FEE9D4FF-C232-4B04-91E0-E5B0D7ACB3BA} URL = http://search.yahoo....p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-05-24]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Brushed) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2012-10-17]
CHR Extension: (WOT) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2012-10-17]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-17]
CHR Extension: (Slick Savings) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013-08-11]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (NotScripts) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2013-02-19]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Owner\AppData\Local\Slick Savings\coupons.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-11-21] (Bitdefender)
R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [95184 2012-06-25] (Bitdefender)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [728328 2014-03-30] (DEVGURU Co., LTD.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-08-28] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-11-21] (Bitdefender)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-01-19] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-01-19] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-21] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-10-03] (BitDefender LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-08-16] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-10-03] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-16 08:04 - 2014-08-16 08:04 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-08-16 08:01 - 2014-08-16 08:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FB105E64-E0F4-4CF0-8A5B-8225E1A2D863}
2014-08-14 18:12 - 2014-08-14 18:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24562222-DE8A-429D-B055-8113588B8B63}
2014-08-14 18:09 - 2014-08-14 18:09 - 00262144 ____N () C:\Windows\Minidump\081414-15990-01.dmp
2014-08-13 16:50 - 2014-08-13 16:50 - 00046888 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-08-13 16:50 - 2014-08-13 16:50 - 00046888 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-08-13 16:39 - 2014-08-13 16:40 - 00046888 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-08-13 16:38 - 2014-08-16 08:04 - 00015472 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-08-13 16:37 - 2014-08-13 16:38 - 00001443 _____ () C:\Users\Owner\Desktop\FRST64 - Shortcut.lnk
2014-08-13 16:35 - 2014-08-16 08:04 - 00000000 ____D () C:\FRST
2014-08-13 16:34 - 2014-08-16 08:04 - 02101760 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-08-13 16:28 - 2014-08-13 16:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{250E5591-C247-4CDC-9842-80B78B8EEB47}
2014-08-12 16:54 - 2014-08-12 16:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CCBCE337-3131-46FB-B166-4C100A5AD3D4}
2014-08-10 18:55 - 2014-08-10 18:55 - 00262144 ____N () C:\Windows\Minidump\081014-23010-01.dmp
2014-08-10 18:20 - 2014-08-10 18:20 - 00262144 ____N () C:\Windows\Minidump\081014-17768-01.dmp
2014-08-10 18:01 - 2014-08-10 18:01 - 00084302 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-08-10 17:55 - 2014-08-10 17:55 - 00001412 _____ () C:\Users\Owner\Desktop\TFC - Shortcut.lnk
2014-08-10 17:48 - 2014-08-10 17:48 - 00262144 ____N () C:\Windows\Minidump\081014-21574-01.dmp
2014-08-10 17:46 - 2014-08-10 17:47 - 34176936 _____ (Oracle Corporation) C:\Users\Owner\Downloads\jre-8u11-windows-x64.exe
2014-08-10 17:35 - 2014-08-10 17:35 - 00262144 ____N () C:\Windows\Minidump\081014-15678-01.dmp
2014-08-10 17:27 - 2014-08-10 17:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7455AE82-5C55-4CDF-9C91-6857073BB213}
2014-08-09 12:03 - 2014-08-16 07:11 - 00000672 _____ () C:\Windows\setupact.log
2014-08-09 12:03 - 2014-08-14 16:56 - 00007098 _____ () C:\Windows\PFRO.log
2014-08-09 12:03 - 2014-08-09 12:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-09 06:22 - 2014-08-09 06:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FBC02BDF-DC4A-4D9A-BCCE-7D6DAC986F30}
2014-08-09 05:57 - 2014-08-09 05:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{062B2FD8-3942-4D97-A562-B4A9AEA409EE}
2014-08-08 17:11 - 2014-08-08 17:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3B3565EB-9C29-4C64-A887-73CFC7E30B04}
2014-08-07 19:28 - 2014-08-07 19:28 - 00000000 ____D () C:\ProgramData\ATI
2014-08-07 19:21 - 2014-08-07 19:21 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-08-07 19:21 - 2014-08-07 19:21 - 00000000 ____D () C:\Program Files\Realtek
2014-08-07 19:21 - 1999-12-31 17:00 - 60955136 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-08-07 19:21 - 1999-12-31 17:00 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-08-07 19:21 - 1999-12-31 17:00 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 03956056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-08-07 19:21 - 1999-12-31 17:00 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 02117424 _____ () C:\Windows\system32\SStudio.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-08-07 19:21 - 1999-12-31 17:00 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 01057494 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-08-07 19:21 - 1999-12-31 17:00 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-08-07 19:21 - 1999-12-31 17:00 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-08-07 19:20 - 1999-12-31 17:00 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
2014-08-07 19:14 - 2014-08-07 19:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-07 19:14 - 2014-08-07 19:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\library_dir
2014-08-07 19:12 - 2014-08-16 07:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Raptr
2014-08-07 19:12 - 2014-08-07 19:14 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-07 19:12 - 2014-08-07 19:12 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201408071912214837.log
2014-08-07 19:12 - 2014-08-07 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-07 19:12 - 2014-08-07 19:12 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-07 19:09 - 2014-08-07 19:09 - 00000000 ____D () C:\Program Files\AMD
2014-08-07 19:08 - 2014-08-07 19:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 18:05 - 2014-08-07 18:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D7C5C2E4-7D0D-4B75-ABDB-23AC8B68CE17}
2014-08-06 16:10 - 2014-08-06 16:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A4B1873A-B333-4424-BF5B-930D3D1E22BC}
2014-08-05 19:27 - 2014-08-05 19:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\{42DEDB8E-D253-4525-9105-03BA57D4EC6C}
2014-08-03 07:15 - 2014-08-03 07:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2DCE4164-D59B-4897-A64A-EBA1A275214F}
2014-08-02 08:57 - 2014-08-02 08:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{B5FCFB63-56B6-4055-A819-06D05B8211E8}
2014-07-31 16:48 - 2014-07-31 16:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D772056B-D4E1-4367-9E36-FCE4778AEFE1}
2014-07-30 16:32 - 2014-07-30 16:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\{5FA84AB7-EDD1-4228-B773-9BA86D41B6EA}
2014-07-29 05:42 - 2014-07-29 05:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\{B1CE4F33-64A3-4511-B9DE-2A8BB45FFCDF}
2014-07-27 05:30 - 2014-07-27 05:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{314CC846-3A6A-4BCA-9531-F714DEC87634}
2014-07-26 07:56 - 2014-07-26 07:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DAB23E6B-9817-44D9-9533-BD1CF0818DDC}
2014-07-25 17:53 - 2014-07-25 17:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D4308F4C-5292-4A91-B898-8D3DD2AF7F5F}
2014-07-24 17:22 - 2014-07-24 17:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\{B5A264B6-2C2F-4801-B261-D94ED3E9187A}
2014-07-23 17:29 - 2014-07-23 17:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\{EEC37981-7B5C-4964-ACB1-05AED6B37EF2}
2014-07-21 16:49 - 2014-07-21 16:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C0D918D5-0D50-46B9-A07B-2F26707D3DDC}
2014-07-20 20:45 - 2014-07-20 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1E7DE542-EC06-4585-8A56-B9B1DA3E3518}
2014-07-20 06:18 - 2014-07-20 06:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E099090A-8E29-45CD-A2E8-6CF239FC920D}
2014-07-19 17:30 - 2014-07-19 17:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{503BCD6A-03D6-45AD-B7FD-E49B0BC53648}
2014-07-19 05:21 - 2014-07-19 05:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7734B033-5837-4512-A046-E4EAA968E1C1}
2014-07-17 20:09 - 2014-07-17 20:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C3B0386B-0306-4A8A-B577-B097BAC6570C}
2014-07-17 05:49 - 2014-07-17 05:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{85A5D427-CB49-4014-98A6-2860EBA5CF45}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-16 08:05 - 2014-08-13 16:38 - 00015472 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-08-16 08:04 - 2014-08-16 08:04 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-08-16 08:04 - 2014-08-13 16:35 - 00000000 ____D () C:\FRST
2014-08-16 08:04 - 2014-08-13 16:34 - 02101760 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-08-16 08:01 - 2014-08-16 08:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FB105E64-E0F4-4CF0-8A5B-8225E1A2D863}
2014-08-16 07:56 - 2012-11-12 17:18 - 00000501 _____ () C:\Windows\system32\checkdnsid.xml
2014-08-16 07:38 - 2012-10-17 11:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 07:18 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 07:18 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 07:12 - 2014-08-07 19:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Raptr
2014-08-16 07:12 - 2012-10-16 14:21 - 01420949 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 07:11 - 2014-08-09 12:03 - 00000672 _____ () C:\Windows\setupact.log
2014-08-16 07:11 - 2013-11-10 16:24 - 00002828 _____ () C:\Windows\System32\Tasks\FixCleaner Startup
2014-08-16 07:11 - 2013-11-10 16:24 - 00000402 _____ () C:\Windows\Tasks\FixCleaner Startup.job
2014-08-16 07:11 - 2013-11-10 16:12 - 00002844 _____ () C:\Windows\System32\Tasks\DriverUpdate Startup
2014-08-16 07:11 - 2013-11-10 16:12 - 00000418 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-08-16 07:11 - 2012-10-27 17:10 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-08-16 07:11 - 2012-10-17 13:50 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 07:11 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 18:12 - 2014-08-14 18:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\{24562222-DE8A-429D-B055-8113588B8B63}
2014-08-14 18:09 - 2014-08-14 18:09 - 00262144 ____N () C:\Windows\Minidump\081414-15990-01.dmp
2014-08-14 18:09 - 2012-10-20 18:59 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 18:09 - 2012-10-17 13:50 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 16:56 - 2014-08-09 12:03 - 00007098 _____ () C:\Windows\PFRO.log
2014-08-13 16:50 - 2014-08-13 16:50 - 00046888 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-08-13 16:50 - 2014-08-13 16:50 - 00046888 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-08-13 16:40 - 2014-08-13 16:39 - 00046888 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-08-13 16:38 - 2014-08-13 16:37 - 00001443 _____ () C:\Users\Owner\Desktop\FRST64 - Shortcut.lnk
2014-08-13 16:33 - 2013-08-11 14:20 - 00000000 ____D () C:\Program Files\Vuze
2014-08-13 16:28 - 2014-08-13 16:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\{250E5591-C247-4CDC-9842-80B78B8EEB47}
2014-08-12 16:54 - 2014-08-12 16:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{CCBCE337-3131-46FB-B166-4C100A5AD3D4}
2014-08-10 18:55 - 2014-08-10 18:55 - 00262144 ____N () C:\Windows\Minidump\081014-23010-01.dmp
2014-08-10 18:20 - 2014-08-10 18:20 - 00262144 ____N () C:\Windows\Minidump\081014-17768-01.dmp
2014-08-10 18:01 - 2014-08-10 18:01 - 00084302 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-08-10 18:00 - 2013-08-06 18:04 - 00084302 _____ () C:\Users\Owner\Downloads\OTL.Txt
2014-08-10 17:55 - 2014-08-10 17:55 - 00001412 _____ () C:\Users\Owner\Desktop\TFC - Shortcut.lnk
2014-08-10 17:54 - 2012-11-14 06:22 - 00000000 ____D () C:\Users\Owner\AppData\Temp
2014-08-10 17:48 - 2014-08-10 17:48 - 00262144 ____N () C:\Windows\Minidump\081014-21574-01.dmp
2014-08-10 17:47 - 2014-08-10 17:46 - 34176936 _____ (Oracle Corporation) C:\Users\Owner\Downloads\jre-8u11-windows-x64.exe
2014-08-10 17:35 - 2014-08-10 17:35 - 00262144 ____N () C:\Windows\Minidump\081014-15678-01.dmp
2014-08-10 17:27 - 2014-08-10 17:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7455AE82-5C55-4CDF-9C91-6857073BB213}
2014-08-09 12:03 - 2014-08-09 12:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-09 12:00 - 2013-11-10 16:25 - 00000462 _____ () C:\Windows\Tasks\FixCleaner Scan.job
2014-08-09 06:22 - 2014-08-09 06:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\{FBC02BDF-DC4A-4D9A-BCCE-7D6DAC986F30}
2014-08-09 05:57 - 2014-08-09 05:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{062B2FD8-3942-4D97-A562-B4A9AEA409EE}
2014-08-08 17:12 - 2014-08-08 17:11 - 00000000 ____D () C:\Users\Owner\AppData\Local\{3B3565EB-9C29-4C64-A887-73CFC7E30B04}
2014-08-07 19:28 - 2014-08-07 19:28 - 00000000 ____D () C:\ProgramData\ATI
2014-08-07 19:22 - 2012-10-16 14:43 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-08-07 19:21 - 2014-08-07 19:21 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-08-07 19:21 - 2014-08-07 19:21 - 00000000 ____D () C:\Program Files\Realtek
2014-08-07 19:20 - 2012-10-16 14:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-07 19:14 - 2014-08-07 19:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-08-07 19:14 - 2014-08-07 19:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\library_dir
2014-08-07 19:14 - 2014-08-07 19:12 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-07 19:12 - 2014-08-07 19:12 - 00061432 _____ () C:\Windows\SysWOW64\CCCInstall_201408071912214837.log
2014-08-07 19:12 - 2014-08-07 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-08-07 19:12 - 2014-08-07 19:12 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-08-07 19:12 - 2012-10-16 17:24 - 00000000 ____D () C:\ProgramData\AMD
2014-08-07 19:12 - 2012-10-16 17:24 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-08-07 19:12 - 2012-10-16 17:23 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-08-07 19:09 - 2014-08-07 19:09 - 00000000 ____D () C:\Program Files\AMD
2014-08-07 19:08 - 2014-08-07 19:08 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 18:05 - 2014-08-07 18:05 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D7C5C2E4-7D0D-4B75-ABDB-23AC8B68CE17}
2014-08-06 16:10 - 2014-08-06 16:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A4B1873A-B333-4424-BF5B-930D3D1E22BC}
2014-08-05 19:27 - 2014-08-05 19:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\{42DEDB8E-D253-4525-9105-03BA57D4EC6C}
2014-08-03 07:15 - 2014-08-03 07:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\{2DCE4164-D59B-4897-A64A-EBA1A275214F}
2014-08-02 08:57 - 2014-08-02 08:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\{B5FCFB63-56B6-4055-A819-06D05B8211E8}
2014-07-31 16:48 - 2014-07-31 16:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D772056B-D4E1-4367-9E36-FCE4778AEFE1}
2014-07-30 16:32 - 2014-07-30 16:32 - 00000000 ____D () C:\Users\Owner\AppData\Local\{5FA84AB7-EDD1-4228-B773-9BA86D41B6EA}
2014-07-29 05:42 - 2014-07-29 05:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\{B1CE4F33-64A3-4511-B9DE-2A8BB45FFCDF}
2014-07-27 05:30 - 2014-07-27 05:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{314CC846-3A6A-4BCA-9531-F714DEC87634}
2014-07-26 07:56 - 2014-07-26 07:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\{DAB23E6B-9817-44D9-9533-BD1CF0818DDC}
2014-07-25 17:53 - 2014-07-25 17:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{D4308F4C-5292-4A91-B898-8D3DD2AF7F5F}
2014-07-25 04:28 - 2012-10-16 16:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 04:28 - 2012-10-16 16:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 17:23 - 2014-07-24 17:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\{B5A264B6-2C2F-4801-B261-D94ED3E9187A}
2014-07-24 17:21 - 2012-10-16 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 17:29 - 2014-07-23 17:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\{EEC37981-7B5C-4964-ACB1-05AED6B37EF2}
2014-07-21 16:49 - 2014-07-21 16:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C0D918D5-0D50-46B9-A07B-2F26707D3DDC}
2014-07-20 20:45 - 2014-07-20 20:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\{1E7DE542-EC06-4585-8A56-B9B1DA3E3518}
2014-07-20 06:18 - 2014-07-20 06:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\{E099090A-8E29-45CD-A2E8-6CF239FC920D}
2014-07-19 17:30 - 2014-07-19 17:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\{503BCD6A-03D6-45AD-B7FD-E49B0BC53648}
2014-07-19 05:21 - 2014-07-19 05:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7734B033-5837-4512-A046-E4EAA968E1C1}
2014-07-17 20:09 - 2014-07-17 20:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\{C3B0386B-0306-4A8A-B577-B097BAC6570C}
2014-07-17 05:49 - 2014-07-17 05:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\{85A5D427-CB49-4014-98A6-2860EBA5CF45}
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\raptrpatch.exe
C:\Users\Owner\AppData\Local\Temp\raptr_stub.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 19:50
 
==================== End Of Log ============================

Edited by OGdexter, 16 August 2014 - 09:11 AM.

#8
Biscuithd

Hi,

 

Nothing that would cause crashes in the FRST scan, but a few things we can fix.

 

I'm also including scans with aswMBR and GMER to see if there's anything there that would account for crashes.

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    CHR Extension: (Slick Savings) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013
    -08-11]
    CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-10-
    17]
    CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
    [2012-10-17]
    CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Owner\AppData\Local\Slick Savings\coupons.crx [2013-08-11]
    CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08
    -11]
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 

  • Right-click on the aswMBR icon and select Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and select C:\.
  • Select scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile and paste it into your next reply.
Do not forget to re-enable your previously switched-off protection software!

 

 

Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
 

  • Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

#9
OGdexter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Owner at 2014-08-16 15:13:53 Run:1
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR Extension: (Slick Savings) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013
-08-11]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-10-
17]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
[2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Owner\AppData\Local\Slick Savings\coupons.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08
-11]
*****************
 
CHR Extension: (Slick Savings) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2013 directory not found.
-08-11] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj" => Key deleted successfully.
"CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx [2012-10-" => File/Directory not found.
17] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj" => Key deleted successfully.
"CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx" => File/Directory not found.
[2012-10-17] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => Key deleted successfully.
C:\Users\Owner\AppData\Local\Slick Savings\coupons.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp" => Key deleted successfully.
"CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2013-08" => File/Directory not found.
-11] => Error: No automatic fix found for this entry.
 
==== End of Fixlog ====

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-16 15:42:35
-----------------------------
15:42:35.357    OS Version: Windows x64 6.1.7601 Service Pack 1
15:42:35.357    Number of processors: 3 586 0x403
15:42:35.357    ComputerName: OWNER-PC  UserName: Owner
15:42:36.200    Initialize success
15:42:36.200    VM: initialized successfully
15:42:36.216    VM: Amd CPU BiosDisabled 
15:42:37.621    VM: supported disk I/O ataport.SYS
15:43:09.352    AVAST engine defs: 14081601
15:43:34.666    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:43:34.682    Disk 0 Vendor: ST1000DM003-9YN162 CC4H Size: 953869MB BusType: 3
15:43:34.807    Disk 0 MBR read successfully
15:43:34.822    Disk 0 MBR scan
15:43:34.822    Disk 0 Windows 7 default MBR code
15:43:34.885    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:43:34.916    Disk 0 default boot code
15:43:34.978    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       933288 MB offset 206848
15:43:34.994    Disk 0 Partition - 00     05     Extended             20480 MB offset 1911580672
15:43:35.072    Disk 0 Partition 3 00     BC              BOOTWIZ0    20479 MB offset 1911582720
15:43:35.150    Disk 0 scanning C:\Windows\system32\drivers
15:43:42.984    Service scanning
15:43:45.576    Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
15:43:45.669    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
15:43:57.392    Modules scanning
15:43:57.407    Disk 0 trace - called modules:
15:43:57.423    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
15:43:57.423    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049b5790]
15:43:57.439    3 CLASSPNP.SYS[fffff880011d043f] -> nt!IofCallDriver -> [0xfffffa8004948bc0]
15:43:57.439    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800493a060]
15:43:58.437    AVAST engine scan C:\
16:24:53.861    Scan finished successfully
16:26:15.390    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
16:26:15.406    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR LOGFILE.txt"
 
 

#10
OGdexter

I've tried posting Gmer and I have managed to paste it into a reply, even tried pasting it in without the other two, but when I hit "post", it never seems to go up. Maybe it's too big?

 

Going to sleep now. I'll leave it the way it is; maybe it will go up. I'm in another screen. I hit the "post" button and it says "saving post....."


Edited by OGdexter, 16 August 2014 - 10:12 PM.

#11
Biscuithd

I would like to see that GMER scan, but try this first and then if you can, post both logs.

 

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • When the scan is done Notepad will open with rKill log. Please copy and paste that in your reply.

Note: rKill.txt log can also be found on your desktop.


#12
OGdexter

Here's this. STILL won't let me post the Gmer log, must be too big.
 
 
 
Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/17/2014 06:55:18 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 08/17/2014 06:55:25 AM
Execution time: 0 hours(s), 0 minute(s), and 6 seconds(s)

#13
Biscuithd

I'd be surprised if it's too big, but, maybe try dividing into pieces and doing multiple postings.


#14
OGdexter

Yup, just copied about half and got a dialog box (never got one before) that says "Error, post too long"

 

approx 25% (1/3 still too long)

 

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-16 16:52:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4H 931.51GB
Running: gMER APP.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                 fffff80002faf000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                 fffff80002faf02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
 
---- User code sections - GMER 2.1 ----
 
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                            0000000076d32a98 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                           0000000076d32aa0 6 bytes [48, B8, F9, EF, 60, 75]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                       0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                         0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                          0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                    0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                      0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                         0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                       0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                       0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                           000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                           000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                        000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                              000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                        000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                            000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                        000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                    000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                   000007fefcd1287a 2 bytes [50, C3]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                          000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                           000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                       000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                            000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                        000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                        000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                          000007fefe0d4ea1 11 bytes [B8, 39, F5, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                              000007fefe0d55c8 12 bytes [48, B8, B9, 6C, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                              000007fefe0eb85c 12 bytes [48, B8, F9, 6A, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                        000007fefe0eb9d0 12 bytes [48, B8, 79, 60, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                        000007fefe0eba3c 12 bytes [48, B8, B9, 5E, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                   000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                   000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                                000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                   000007fefdac2201 11 bytes [B8, F9, E1, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                  000007fefdac23c0 12 bytes [48, B8, 79, A6, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!connect                                                                                                                       000007fefdac45c0 12 bytes [48, B8, 79, 67, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                      000007fefdac8001 11 bytes [B8, B9, B9, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                 000007fefdac8df0 7 bytes [48, B8, 39, A8, 60, 75, 00]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                             000007fefdac8df9 3 bytes [00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                    000007fefdacde91 11 bytes [B8, F9, DA, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                      000007fefdacdf41 11 bytes [B8, 39, E0, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1140] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                000007fefdaee0f1 11 bytes [B8, 79, DE, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                               0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                               0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                    0000000076d31330 6 bytes [48, B8, 79, EC, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                0000000076d31338 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                        0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                    0000000076d313a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                        0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                    0000000076d31478 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                  0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                              0000000076d31518 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                             0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                         0000000076d31538 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                           0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                       0000000076d31558 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                             0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                         0000000076d31578 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                  0000000076d31620 6 bytes [48, B8, F9, E8, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                              0000000076d31628 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                           0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                       0000000076d31658 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                              0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                          0000000076d31678 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                               0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                           0000000076d31708 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                0000000076d31750 6 bytes [48, B8, 39, EE, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                            0000000076d31758 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                              0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                          0000000076d31788 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                             0000000076d31798 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                   0000000076d31800 6 bytes [48, B8, B9, EA, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                               0000000076d31808 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                  0000000076d318b0 6 bytes [48, B8, B9, F1, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                              0000000076d318b8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                 0000000076d31c80 6 bytes [48, B8, 39, E7, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                             0000000076d31c88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                            0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                               0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                           0000000076d31d38 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                   0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                               0000000076d320a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                               0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                           0000000076d325e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                             0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                         0000000076d327e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                         0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                     0000000076d329a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                               0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                           0000000076d32a88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                            0000000076d32a98 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                           0000000076d32aa0 6 bytes [48, B8, F9, EF, 60, 75]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                       0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                         0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                          0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                    0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                      0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                         0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                       0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                       0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                           000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                           000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                        000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                              000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                        000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                            000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                        000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                    000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                   000007fefcd1287a 2 bytes [50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                          000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                           000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                       000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                            000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                        000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                        000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                          000007fefe0d4ea1 11 bytes [B8, 39, F5, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                              000007fefe0d55c8 12 bytes [48, B8, B9, 6C, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                              000007fefe0eb85c 12 bytes [48, B8, F9, 6A, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                        000007fefe0eb9d0 12 bytes [48, B8, 79, 60, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                        000007fefe0eba3c 12 bytes [48, B8, B9, 5E, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                   000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                   000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                                000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                   000007fefdac2201 11 bytes [B8, F9, E1, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                  000007fefdac23c0 12 bytes [48, B8, 79, A6, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!connect                                                                                                                       000007fefdac45c0 12 bytes [48, B8, 79, 67, 60, 75, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                      000007fefdac8001 11 bytes [B8, B9, B9, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                 000007fefdac8df0 7 bytes [48, B8, 39, A8, 60, 75, 00]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                             000007fefdac8df9 3 bytes [00, 50, C3]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                    000007fefdacde91 11 bytes [B8, F9, DA, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                      000007fefdacdf41 11 bytes [B8, 39, E0, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\svchost.exe[1184] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                000007fefdaee0f1 11 bytes [B8, 79, DE, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                               0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                               0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                    0000000076d31330 6 bytes [48, B8, 79, EC, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                0000000076d31338 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                        0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                    0000000076d313a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                        0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                    0000000076d31478 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                  0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                              0000000076d31518 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                             0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                         0000000076d31538 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                           0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                       0000000076d31558 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                             0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                         0000000076d31578 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                  0000000076d31620 6 bytes [48, B8, F9, E8, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                              0000000076d31628 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                           0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                       0000000076d31658 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                              0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                          0000000076d31678 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                               0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                           0000000076d31708 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                0000000076d31750 6 bytes [48, B8, 39, EE, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                            0000000076d31758 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                              0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                          0000000076d31788 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                             0000000076d31798 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                   0000000076d31800 6 bytes [48, B8, B9, EA, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                               0000000076d31808 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                  0000000076d318b0 6 bytes [48, B8, B9, F1, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                              0000000076d318b8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                 0000000076d31c80 6 bytes [48, B8, 39, E7, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                             0000000076d31c88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                            0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                               0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                           0000000076d31d38 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                   0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                               0000000076d320a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                               0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                           0000000076d325e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                             0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                         0000000076d327e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                         0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                     0000000076d329a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                               0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                           0000000076d32a88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                            0000000076d32a98 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                           0000000076d32aa0 6 bytes [48, B8, F9, EF, 60, 75]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                       0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                         0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                          0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                    0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                      0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                         0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                       0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                       0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                           000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                           000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                        000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                              000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                        000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                            000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                        000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                    000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                   000007fefcd1287a 2 bytes [50, C3]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                          000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                           000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                       000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                            000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                        000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                        000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                   000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                   000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                                000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                   000007fefdac2201 11 bytes [B8, F9, E1, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                  000007fefdac23c0 12 bytes [48, B8, 79, A6, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\WS2_32.dll!connect                                                                                                                       000007fefdac45c0 12 bytes [48, B8, 79, 67, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                      000007fefdac8001 11 bytes [B8, B9, B9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                0000000076d31338 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                        0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                    0000000076d313a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                        0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                    0000000076d31478 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                  0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                              0000000076d31518 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                             0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                         0000000076d31538 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                           0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                       0000000076d31558 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                             0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                         0000000076d31578 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                  0000000076d31620 6 bytes [48, B8, F9, E8, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                              0000000076d31628 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                           0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                       0000000076d31658 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                              0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                          0000000076d31678 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                               0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                           0000000076d31708 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                0000000076d31750 6 bytes [48, B8, 39, EE, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                            0000000076d31758 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                              0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                          0000000076d31788 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                             0000000076d31798 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                   0000000076d31800 6 bytes [48, B8, B9, EA, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                               0000000076d31808 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                  0000000076d318b0 6 bytes [48, B8, B9, F1, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                              0000000076d318b8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                 0000000076d31c80 6 bytes [48, B8, 39, E7, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                             0000000076d31c88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                            0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                               0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                           0000000076d31d38 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                   0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                               0000000076d320a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                               0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                           0000000076d325e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                             0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                         0000000076d327e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                         0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                     0000000076d329a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                               0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                           0000000076d32a88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                            0000000076d32a98 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                           0000000076d32aa0 6 bytes [48, B8, F9, EF, 60, 75]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                       0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                         0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                          0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                    0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                      0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                         0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                       0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                       0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                           000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                           000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                        000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                              000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                        000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                            000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                        000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                    000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                   000007fefcd1287a 2 bytes [50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                          000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                           000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                       000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                            000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                        000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                        000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                   000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                   000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                                000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                   000007fefdac2201 11 bytes [B8, F9, E1, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                  000007fefdac23c0 12 bytes [48, B8, 79, A6, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!connect                                                                                                                       000007fefdac45c0 12 bytes [48, B8, 79, 67, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                      000007fefdac8001 11 bytes [B8, B9, B9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                 000007fefdac8df0 7 bytes [48, B8, 39, A8, 60, 75, 00]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                             000007fefdac8df9 3 bytes [00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                    000007fefdacde91 11 bytes [B8, F9, DA, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                      000007fefdacdf41 11 bytes [B8, 39, E0, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1452] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                000007fefdaee0f1 11 bytes [B8, 79, DE, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                               0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                               0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                    0000000076d31330 6 bytes [48, B8, B9, F1, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                0000000076d31338 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                        0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                    0000000076d313a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                        0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                    0000000076d31478 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                  0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                              0000000076d31518 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                             0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                         0000000076d31538 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                           0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                       0000000076d31558 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                             0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                         0000000076d31578 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                  0000000076d31620 6 bytes [48, B8, 39, EE, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                              0000000076d31628 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                           0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                       0000000076d31658 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                              0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                          0000000076d31678 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                               0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                           0000000076d31708 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection  

#15
OGdexter

.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                            0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                               0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                           0000000076d31d38 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                   0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                               0000000076d320a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                               0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                           0000000076d325e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                             0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                         0000000076d327e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                         0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                     0000000076d329a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                               0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                           0000000076d32a88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                            0000000076d32a98 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                           0000000076d32aa0 6 bytes [48, B8, 39, F5, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                       0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                   0000000076d32b80 6 bytes [48, B8, 39, E7, 60, 75]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                               0000000076d32b88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                         0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                          0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                    0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                      0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                         0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                       0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                       0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                           000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                           000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                        000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                              000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                        000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                            000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                        000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                    000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                   000007fefcd1287a 2 bytes [50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                          000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                           000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                       000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                            000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                        000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                        000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                   000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                   000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                                000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                   000007fefdac2201 11 bytes [B8, F9, E1, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                  000007fefdac23c0 12 bytes [48, B8, 79, A6, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!connect                                                                                                                       000007fefdac45c0 12 bytes [48, B8, 79, 67, 60, 75, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                      000007fefdac8001 11 bytes [B8, B9, B9, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                 000007fefdac8df0 7 bytes [48, B8, 39, A8, 60, 75, 00]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                             000007fefdac8df9 3 bytes [00, 50, C3]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                    000007fefdacde91 11 bytes [B8, F9, DA, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                      000007fefdacdf41 11 bytes [B8, 39, E0, 60, 75, 00, 00, ...]
.text     C:\Windows\System32\spoolsv.exe[1624] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                000007fefdaee0f1 11 bytes [B8, 79, DE, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                               0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                               0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                    0000000076d31330 6 bytes [48, B8, 79, EC, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                0000000076d31338 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                        0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                    0000000076d313a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                        0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                    0000000076d31478 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                  0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                              0000000076d31518 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                             0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                         0000000076d31538 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                           0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                       0000000076d31558 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                             0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                         0000000076d31578 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                  0000000076d31620 6 bytes [48, B8, F9, E8, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                              0000000076d31628 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                           0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                       0000000076d31658 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                              0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                          0000000076d31678 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                               0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                           0000000076d31708 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                0000000076d31750 6 bytes [48, B8, 39, EE, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                            0000000076d31758 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                              0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                          0000000076d31788 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                             0000000076d31798 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                   0000000076d31800 6 bytes [48, B8, B9, EA, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                               0000000076d31808 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                  0000000076d318b0 6 bytes [48, B8, B9, F1, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                              0000000076d318b8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                 0000000076d31c80 6 bytes [48, B8, 39, E7, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                             0000000076d31c88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                            0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                               0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                           0000000076d31d38 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                   0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                               0000000076d320a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                               0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                           0000000076d325e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                             0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                         0000000076d327e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                         0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                     0000000076d329a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                               0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                           0000000076d32a88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                            0000000076d32a98 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                           0000000076d32aa0 6 bytes [48, B8, F9, EF, 60, 75]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                       0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                         0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                          0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                    0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                      0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                         0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                       0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                       0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                           000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                           000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                        000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                              000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                        000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                            000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                        000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                    000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                   000007fefcd1287a 2 bytes [50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                          000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                           000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                       000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                            000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                        000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                        000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                                                          000007fefe0d4ea1 11 bytes [B8, 39, F5, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                                                              000007fefe0d55c8 12 bytes [48, B8, B9, 6C, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                                                              000007fefe0eb85c 12 bytes [48, B8, F9, 6A, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                                                        000007fefe0eb9d0 12 bytes [48, B8, 79, 60, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                                                        000007fefe0eba3c 12 bytes [48, B8, B9, 5E, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                   000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                   000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                                000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                   000007fefdac2201 11 bytes [B8, F9, E1, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                  000007fefdac23c0 12 bytes [48, B8, 79, A6, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!connect                                                                                                                       000007fefdac45c0 12 bytes [48, B8, 79, 67, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                      000007fefdac8001 11 bytes [B8, B9, B9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                 000007fefdac8df0 7 bytes [48, B8, 39, A8, 60, 75, 00]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                             000007fefdac8df9 3 bytes [00, 50, C3]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                    000007fefdacde91 11 bytes [B8, F9, DA, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                      000007fefdacdf41 11 bytes [B8, 39, E0, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[1652] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                000007fefdaee0f1 11 bytes [B8, 79, DE, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                              0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                              0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                   0000000076d31330 6 bytes [48, B8, B9, F1, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                               0000000076d31338 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                       0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                   0000000076d313a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                       0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                   0000000076d31478 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                 0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                             0000000076d31518 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                            0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                        0000000076d31538 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                          0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                      0000000076d31558 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                            0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                        0000000076d31578 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                 0000000076d31620 6 bytes [48, B8, 39, EE, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                             0000000076d31628 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                          0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                      0000000076d31658 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                             0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                         0000000076d31678 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                              0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                          0000000076d31708 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                               0000000076d31750 6 bytes [48, B8, 79, F3, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                           0000000076d31758 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                             0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                         0000000076d31788 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                            0000000076d31798 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                  0000000076d31800 6 bytes [48, B8, F9, EF, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                              0000000076d31808 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                 0000000076d318b0 6 bytes [48, B8, F9, F6, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                             0000000076d318b8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                0000000076d31c80 6 bytes [48, B8, 79, EC, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                            0000000076d31c88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                               0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                           0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                              0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                          0000000076d31d38 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                  0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                              0000000076d320a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                              0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                          0000000076d325e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                            0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                        0000000076d327e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                        0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                    0000000076d329a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                              0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                          0000000076d32a88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                               0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                           0000000076d32a98 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                          0000000076d32aa0 6 bytes [48, B8, 39, F5, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                      0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                                                                  0000000076d32b80 6 bytes [48, B8, 39, E7, 60, 75]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                                                              0000000076d32b88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                        0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                          000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                          000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                       000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                           000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                             000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                       000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                           000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                       000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                   000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                  000007fefcd1287a 2 bytes [50, C3]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                         000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                          000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                      000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                           000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                       000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                       000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                  000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                  000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text     C:\Windows\system32\atieclxx.exe[1828] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                               000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                           000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                        000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                              000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                        000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                            000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                        000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                    000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                   000007fefcd1287a 2 bytes [50, C3]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                          000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                           000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                       000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                            000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                        000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                        000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                                                                   000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!closesocket                                                                                                                   000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                                                                000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                                                                   000007fefdac2201 11 bytes [B8, F9, E1, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                                                                  000007fefdac23c0 12 bytes [48, B8, 79, A6, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!connect                                                                                                                       000007fefdac45c0 12 bytes [48, B8, 79, 67, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!send + 1                                                                                                                      000007fefdac8001 11 bytes [B8, B9, B9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                                                                 000007fefdac8df0 7 bytes [48, B8, 39, A8, 60, 75, 00]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                                                             000007fefdac8df9 3 bytes [00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!socket + 1                                                                                                                    000007fefdacde91 11 bytes [B8, F9, DA, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!recv + 1                                                                                                                      000007fefdacdf41 11 bytes [B8, 39, E0, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2016] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                                                                000007fefdaee0f1 11 bytes [B8, 79, DE, 60, 75, 00, 00, ...]
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                            0000000076edf928 5 bytes JMP 0000000173b76ca1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                0000000076edf9e0 5 bytes JMP 0000000173b764e9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                0000000076edfb28 5 bytes JMP 0000000173b75ef9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                          0000000076edfc20 5 bytes JMP 0000000173b731d9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                     0000000076edfc50 5 bytes JMP 0000000173b715f1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                   0000000076edfc80 5 bytes JMP 0000000173b71689
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                     0000000076edfcb0 5 bytes JMP 0000000173b75e61
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                          0000000076edfdc8 5 bytes JMP 0000000173b76c09
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                   0000000076edfe14 5 bytes JMP 0000000173b730a9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                      0000000076edfe44 5 bytes JMP 0000000173b73309
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                       0000000076edff24 5 bytes JMP 0000000173b73271
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                        0000000076edffa4 5 bytes JMP 0000000173b76d39
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                      0000000076edffec 5 bytes JMP 0000000173b72ee1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                         0000000076ee0004 5 bytes JMP 0000000173b72db1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                           0000000076ee00b4 5 bytes JMP 0000000173b71ed9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                          0000000076ee01c4 5 bytes JMP 0000000173b72301
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                         0000000076ee079c 5 bytes JMP 0000000173b76b71
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                        0000000076ee0814 5 bytes JMP 0000000173b72e49
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                       0000000076ee08a4 5 bytes JMP 0000000173b72d19
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                           0000000076ee0df4 5 bytes JMP 0000000173b76581
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                       0000000076ee1604 5 bytes JMP 0000000173b74ac9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                     0000000076ee1920 5 bytes JMP 0000000173b73141
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                 0000000076ee1be4 5 bytes JMP 0000000173b76619
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                       0000000076ee1d54 5 bytes JMP 0000000173b73439
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                        0000000076ee1d70 5 bytes JMP 0000000173b733a1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl                                                                   0000000076ee1d8c 5 bytes JMP 0000000173b76dd1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl                                                                           0000000076ee1ee8 5 bytes JMP 0000000173b769a9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter                                                             0000000076ef88c4 5 bytes JMP 0000000173b71ab1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx                                                           0000000076f20d3b 5 bytes JMP 0000000173b72009
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!RtlReportException                                                                     0000000076f6860f 5 bytes JMP 0000000173b74b61
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters                                                             0000000076f6e8ab 5 bytes JMP 0000000173b71f71
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA                                                                     0000000076050e00 5 bytes JMP 0000000173b71da9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                      0000000076051072 5 bytes JMP 0000000173b72a21
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!LoadLibraryA                                                                        000000007605499f 5 bytes JMP 0000000173b725f9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW                                                              0000000076063bbb 5 bytes JMP 0000000173b73011
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot                                                            0000000076077327 5 bytes JMP 0000000173b72729
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!Process32NextW                                                                      00000000760788da 5 bytes JMP 0000000173b76451
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!WinExec                                                                             00000000760d2ff1 5 bytes JMP 0000000173b728f1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA                                                                   00000000760f748b 5 bytes JMP 0000000173b746a1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW                                                                   00000000760f74ae 5 bytes JMP 0000000173b747d1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!ReadConsoleA                                                                        00000000760f7859 5 bytes JMP 0000000173b74901
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\kernel32.dll!ReadConsoleW                                                                        00000000760f78d2 5 bytes JMP 0000000173b74a31
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime                                                           0000000075b28f8d 5 bytes JMP 0000000173b71a19
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle                                                                       0000000075b2c436 5 bytes JMP 0000000173b73b59
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory                                                                0000000075b2eca6 5 bytes JMP 0000000173b73601
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess                                                                       0000000075b2f206 5 bytes JMP 0000000173b72399
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW                                                                   0000000075b2fa89 5 bytes JMP 0000000173b71e41
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW                                                                      0000000075b31358 5 bytes JMP 0000000173b73ac1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW                                                                        0000000075b3137f 5 bytes JMP 0000000173b73a29
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                  0000000075b31d29 5 bytes JMP 0000000173b71981
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress                                                                    0000000075b31e15 5 bytes JMP 0000000173b724c9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                    0000000075b32ab1 5 bytes JMP 0000000173b76029
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA                                                                    0000000075b32cd9 5 bytes JMP 0000000173b75f91
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                       0000000075b32d17 5 bytes JMP 0000000173b760c1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA                                                                  0000000075b32e7a 5 bytes JMP 0000000173b718e9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!SleepEx                                                                           0000000075b33b70 5 bytes JMP 0000000173b72269
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!Sleep                                                                             0000000075b34496 5 bytes JMP 0000000173b72431
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!CreateThread                                                                      0000000075b34608 5 bytes JMP 0000000173b73569
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread                                                                0000000075b34631 5 bytes JMP 0000000173b72c81
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA                                                                       0000000075b3c734 5 bytes JMP 0000000173b727c1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!closesocket                                                                           0000000074c43918 5 bytes JMP 0000000173b75dc9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!WSASocketW                                                                            0000000074c43cd3 5 bytes JMP 0000000173b75d31
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!socket                                                                                0000000074c43eb8 5 bytes JMP 0000000173b766b1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!WSASend                                                                               0000000074c44406 5 bytes JMP 0000000173b72139
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW                                                                          0000000074c44889 5 bytes JMP 0000000173b756a9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!recv                                                                                  0000000074c46b0e 5 bytes JMP 0000000173b76879
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!connect                                                                               0000000074c46bdd 1 byte JMP 0000000173b741e1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!connect + 2                                                                           0000000074c46bdf 3 bytes {CALL RBP}
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!send                                                                                  0000000074c46f01 5 bytes JMP 0000000173b720a1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!WSARecv                                                                               0000000074c47089 5 bytes JMP 0000000173b76911
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!WSAConnect                                                                            0000000074c4cc3f 5 bytes JMP 0000000173b767e1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                                                         0000000074c57673 5 bytes JMP 0000000173b75741
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\msvcrt.dll!_lock + 41                                                                            00000000769ba472 5 bytes JMP 0000000173b76f01
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\msvcrt.dll!__p__fmode                                                                            00000000769c27ce 5 bytes JMP 0000000173b71be1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\msvcrt.dll!__p__environ                                                                          00000000769ce6cf 5 bytes JMP 0000000173b71b49
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!GetMessageW                                                                           0000000075bc78e2 5 bytes JMP 0000000173b74441
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!GetMessageA                                                                           0000000075bc7bd3 5 bytes JMP 0000000173b743a9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!CreateWindowExW                                                                       0000000075bc8a29 5 bytes JMP 0000000173b757d9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!FindWindowW                                                                           0000000075bc98fd 5 bytes JMP 0000000173b76289
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!UserClientDllInitialize                                                               0000000075bcb6ed 5 bytes JMP 0000000173b76f99
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!CreateWindowExA                                                                       0000000075bcd22e 5 bytes JMP 0000000173b75871
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!SetWinEventHook                                                                       0000000075bcee09 5 bytes JMP 0000000173b734d1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!FindWindowA                                                                           0000000075bcffe6 5 bytes JMP 0000000173b76159
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!FindWindowExA                                                                         0000000075bd00d9 5 bytes JMP 0000000173b761f1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!PeekMessageW                                                                          0000000075bd05ba 5 bytes JMP 0000000173b74571
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!ShowWindow                                                                            0000000075bd0dfb 5 bytes JMP 0000000173b75909
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!PostMessageW                                                                          0000000075bd12a5 5 bytes JMP 0000000173b76ad9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!SetWindowTextW                                                                        0000000075bd20ec 5 bytes JMP 0000000173b75c99
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!PostMessageA                                                                          0000000075bd3baa 5 bytes JMP 0000000173b76a41
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!PeekMessageA                                                                          0000000075bd5f74 5 bytes JMP 0000000173b744d9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!CallNextHookEx                                                                        0000000075bd6285 5 bytes JMP 0000000173b74bf9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!SetWindowsHookExW                                                                     0000000075bd7603 5 bytes JMP 0000000173b72be9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!SetWindowTextA                                                                        0000000075bd7aee 5 bytes JMP 0000000173b75c01
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!SetWindowsHookExA                                                                     0000000075bd835c 5 bytes JMP 0000000173b72b51
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!DialogBoxIndirectParamAorW                                                            0000000075bece54 5 bytes JMP 0000000173b75a39
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!UnhookWindowsHookEx                                                                   0000000075bef52b 5 bytes JMP 0000000173b74c91
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!FindWindowExW                                                                         0000000075bef588 5 bytes JMP 0000000173b76321
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!CreateDialogIndirectParamAorW                                                         0000000075bf10a0 5 bytes JMP 0000000173b759a1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!MessageBoxExA                                                                         0000000075c1fcd6 5 bytes JMP 0000000173b75ad1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\user32.dll!MessageBoxExW                                                                         0000000075c1fcfa 5 bytes JMP 0000000173b75b69
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW                                                                        00000000762bc9ec 3 bytes JMP 0000000173b73c89
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW + 4                                                                    00000000762bc9f0 1 byte [FD]
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA                                                                        00000000762c2b70 3 bytes JMP 0000000173b73bf1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA + 4                                                                    00000000762c2b74 1 byte [FD]
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle                                                                  00000000762c361c 3 bytes JMP 0000000173b740b1
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 4                                                              00000000762c3620 1 byte [FD]
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222                                                                 00000000762c4965 3 bytes JMP 0000000173b77031
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 226                                                                 00000000762c4969 1 byte [FD]
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                      00000000762d70c4 5 bytes JMP 0000000173b74311
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!ControlService                                                                      00000000762d70dc 5 bytes JMP 0000000173b73e51
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                       00000000762d70f4 5 bytes JMP 0000000173b73ee9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                00000000762f31f4 5 bytes JMP 0000000173b73f81
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                00000000762f3204 5 bytes JMP 0000000173b74019
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA                                                                   00000000762f3214 5 bytes JMP 0000000173b73d21
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW                                                                   00000000762f3224 5 bytes JMP 0000000173b73db9
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                      00000000762f3264 5 bytes JMP 0000000173b74279
.text     C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe[1444] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW                                                                    0000000074e00179 5 bytes JMP 0000000173b74d29
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                                                               0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                                                               0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                                                                    0000000076d31330 6 bytes [48, B8, 79, EC, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                                                                0000000076d31338 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                                                        0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                                                                    0000000076d313a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                                                        0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                                                                    0000000076d31478 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                                                                  0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                                                              0000000076d31518 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                             0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                                                         0000000076d31538 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                                                           0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                                                                       0000000076d31558 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                                                             0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                                                         0000000076d31578 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                                                                  0000000076d31620 6 bytes [48, B8, F9, E8, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                                                              0000000076d31628 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                           0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                                                                       0000000076d31658 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                                                              0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                                                          0000000076d31678 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                               0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                                                           0000000076d31708 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                                                                0000000076d31750 6 bytes [48, B8, 39, EE, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                                                            0000000076d31758 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                                                              0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                                                          0000000076d31788 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                                                                 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                                                             0000000076d31798 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                                                                   0000000076d31800 6 bytes [48, B8, B9, EA, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                                                               0000000076d31808 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                                                                  0000000076d318b0 6 bytes [48, B8, B9, F1, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                                                              0000000076d318b8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                                                                 0000000076d31c80 6 bytes [48, B8, 39, E7, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                                                             0000000076d31c88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                                                                0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                                                            0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                               0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                                                           0000000076d31d38 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                                                                   0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                                                               0000000076d320a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                                                               0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                                                           0000000076d325e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                             0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                                                         0000000076d327e8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                                                         0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                                                                     0000000076d329a8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                                                               0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                                                           0000000076d32a88 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                                                                0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                                                            0000000076d32a98 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                                                           0000000076d32aa0 6 bytes [48, B8, F9, EF, 60, 75]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                                                                       0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                                                         0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                                                          0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                                                                    0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                                                                      0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                                                         0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                                                                       0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                                                                       0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                                                                0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                                                                0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                                                           000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                                                           000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                                                        000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                                                              000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                                                        000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                                                            000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                        000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                                                                    000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                                                                   000007fefcd1287a 2 bytes [50, C3]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                                                          000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                                                           000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                                                                 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                                                                       000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                                                                 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                                                            000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                                                        000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Windows\system32\svchost.exe[2060] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                                                        000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1                                                       0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7                                                       0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile                                                                            0000000076d31330 6 bytes [48, B8, B9, F1, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8                                                                        0000000076d31338 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtClose                                                                                0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8                                                                            0000000076d313a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess                                                                0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8                                                            0000000076d31478 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                                          0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8                                                                      0000000076d31518 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                     0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8                                                                 0000000076d31538 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection                                                                   0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8                                                               0000000076d31558 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8                                                                 0000000076d31578 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                                          0000000076d31620 6 bytes [48, B8, 39, EE, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8                                                                      0000000076d31628 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                   0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8                                                               0000000076d31658 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                                                      0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8                                                                  0000000076d31678 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                       0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8                                                                   0000000076d31708 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                                        0000000076d31750 6 bytes [48, B8, 79, F3, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8                                                                    0000000076d31758 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx                                                                      0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8                                                                  0000000076d31788 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                                         0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8                                                                     0000000076d31798 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile                                                                           0000000076d31800 6 bytes [48, B8, F9, EF, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8                                                                       0000000076d31808 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey                                                                          0000000076d318b0 6 bytes [48, B8, F9, F6, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8                                                                      0000000076d318b8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                                         0000000076d31c80 6 bytes [48, B8, 79, EC, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8                                                                     0000000076d31c88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess                                                                        0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8                                                                    0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                       0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8                                                                   0000000076d31d38 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                                           0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8                                                                       0000000076d320a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError                                                                       0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8                                                                   0000000076d325e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8                                                                 0000000076d327e8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                                                 0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8                                                             0000000076d329a8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                                       0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8                                                                   0000000076d32a88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                                        0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8                                                                    0000000076d32a98 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                                                   0000000076d32aa0 6 bytes [48, B8, 39, F5, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8                                                               0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                                           0000000076d32b80 6 bytes [48, B8, 39, E7, 60, 75]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8                                                                       0000000076d32b88 4 bytes [00, 00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1                                                                 0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\kernel32.dll!Process32NextW + 1                                                                  0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot                                                            0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\kernel32.dll!CreateProcessInternalW                                                              0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1                                                                 0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1                                                               0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1                                                               0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\kernel32.dll!ReadConsoleW                                                                        0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\kernel32.dll!ReadConsoleA                                                                        0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1                                                                   000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1                                                                   000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1                                                                000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                    000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!CreateMutexW                                                                      000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1                                                                000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1                                                                    000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1                                                            000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10                                                           000007fefcd1287a 2 bytes [50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1                                                                  000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49                                                                  000007fefe0d4ea1 11 bytes [B8, B9, F8, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\ADVAPI32.dll!CreateServiceW                                                                      000007fefe0d55c8 12 bytes [48, B8, B9, 6C, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\ADVAPI32.dll!CreateServiceA                                                                      000007fefe0eb85c 12 bytes [48, B8, F9, 6A, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW                                                                000007fefe0eb9d0 12 bytes [48, B8, 79, 60, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA                                                                000007fefe0eba3c 12 bytes [48, B8, B9, 5E, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1                                                                   000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW                                                                         000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1                                                               000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA                                                                         000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1                                                                    000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1                                                                000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1                                                                000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!WSASend + 1                                                                           000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!closesocket                                                                           000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!WSASocketW + 1                                                                        000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!WSARecv + 1                                                                           000007fefdac2201 11 bytes [B8, F9, E1, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!GetAddrInfoW                                                                          000007fefdac23c0 12 bytes [48, B8, 79, A6, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!connect                                                                               000007fefdac45c0 12 bytes [48, B8, 79, 67, 60, 75, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!send + 1                                                                              000007fefdac8001 11 bytes [B8, B9, B9, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!gethostbyname                                                                         000007fefdac8df0 7 bytes [48, B8, 39, A8, 60, 75, 00]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!gethostbyname + 9                                                                     000007fefdac8df9 3 bytes [00, 50, C3]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!socket + 1                                                                            000007fefdacde91 11 bytes [B8, F9, DA, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!recv + 1                                                                              000007fefdacdf41 11 bytes [B8, 39, E0, 60, 75, 00, 00, ...]
.text     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2300] C:\Windows\system32\WS2_32.dll!WSAConnect + 1                                                                        000007fefdaee0f1 11 bytes [B8, 79, DE, 60, 75, 00, 00, ...]
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                                                                       0000000076edf928 5 bytes JMP 0000000173b76ca1
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                                                                           0000000076edf9e0 5 bytes JMP 0000000173b764e9
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess                                                                                           0000000076edfb28 5 bytes JMP 0000000173b75ef9
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess                                                                                                     0000000076edfc20 5 bytes JMP 0000000173b731d9
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                                                                                0000000076edfc50 5 bytes JMP 0000000173b715f1
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                                                                              0000000076edfc80 5 bytes JMP 0000000173b71689
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                                                0000000076edfcb0 5 bytes JMP 0000000173b75e61
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                                                                     0000000076edfdc8 5 bytes JMP 0000000173b76c09
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                                              0000000076edfe14 5 bytes JMP 0000000173b730a9
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                                                                                 0000000076edfe44 5 bytes JMP 0000000173b73309
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread                                                                                                  0000000076edff24 5 bytes JMP 0000000173b73271
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                                                                                   0000000076edffa4 5 bytes JMP 0000000173b76d39
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                                                                                 0000000076edffec 5 bytes JMP 0000000173b72ee1
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                                    0000000076ee0004 5 bytes JMP 0000000173b72db1
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                                                                      0000000076ee00b4 5 bytes JMP 0000000173b71ed9
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                                                                     0000000076ee01c4 5 bytes JMP 0000000173b72301
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                                    0000000076ee079c 5 bytes JMP 0000000173b76b71
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                                                                                   0000000076ee0814 5 bytes JMP 0000000173b72e49
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                                  0000000076ee08a4 5 bytes JMP 0000000173b72d19
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                                      0000000076ee0df4 5 bytes JMP 0000000173b76581
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError                                                                                                  0000000076ee1604 5 bytes JMP 0000000173b74ac9
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                                                0000000076ee1920 5 bytes JMP 0000000173b73141
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                                            0000000076ee1be4 5 bytes JMP 0000000173b76619
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess                                                                                                  0000000076ee1d54 5 bytes JMP 0000000173b73439
.text     C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread   
