


Cannot Update AdAware


This topic is locked
22 replies to this topic

#1 Eric Simon McDonald (Member, 12 posts)

Posted 23 October 2010 - 02:29 AM

I cannot update AdAware due to error code -1. I am also unable to run Spybot S&D. Also, Windows is not updating.

I have followed the required steps (OTM & ERUNT; AdAware scan (not updated); GMER; and HJT, see below).

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:07:41 PM, on 10/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Users\Eric\Desktop\Anti Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CNET TechTracker.lnk = C:\Users\Eric\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcp...ols/pcmatic.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{218BF516-6AEE-42FF-9C5D-ACB191527E79}: NameServer = 93.188.164.127,93.188.160.207
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE23845-72B6-4C1B-8BB8-1E9B61E8BA6F}: NameServer = 93.188.164.127,93.188.160.207
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.127,93.188.160.207
O17 - HKLM\System\CS1\Services\Tcpip\..\{218BF516-6AEE-42FF-9C5D-ACB191527E79}: NameServer = 93.188.164.127,93.188.160.207
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.127,93.188.160.207
O17 - HKLM\System\CS2\Services\Tcpip\..\{218BF516-6AEE-42FF-9C5D-ACB191527E79}: NameServer = 93.188.164.127,93.188.160.207
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.127,93.188.160.207
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: o2flash - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: U2VSvr - Unknown owner - C:\Windows\system32\U2VSvr.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - c:\Program Files\FUJITSU\chitose\updnvsrv.exe

--
End of file - 8446 bytes


Thank you,

esm

Attached Files
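The entries in the log above worth checking by machine rather than by eye are the O17 lines (the same two NameServer addresses are written under CCS, CS1 and CS2, so both saved control sets carry them), the repeated O10 LSP line, and the O23 services with "Unknown owner" or "(file missing)". The script below is an added example, not part of this thread or of HijackThis: it parses those three entry types from HijackThis 2.x output and ranks the findings. The expected-resolver value (192.168.1.1) and the CS2 control line in the sample are constructed assumptions; the other sample lines are copied from the log above. The known-rogue ranges are the resolver ranges published for the DNSChanger takedown. Requires Python 3.9+ (uses str.removesuffix).

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Resolvers this host is expected to use. ASSUMED value for illustration (a
# home router); replace with the DHCP-issued or ISP resolvers you expect.
EXPECTED_RESOLVERS = {ip_address("192.168.1.1")}

# Rogue-resolver ranges published for the DNSChanger (Rove Digital) takedown.
KNOWN_ROGUE_DNS = [ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# LSP DLLs that ship with Windows but which HijackThis 2.0.4 still reports as
# "Unknown file": wpclsp.dll is the Vista Parental Controls layered provider.
KNOWN_LSP = {"wpclsp.dll": "Windows Parental Controls (Vista)"}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[\d., ]+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}

# Constructed sample: the O10/O17/O23 lines are copied from the log above,
# except the CS2 line, which is a constructed control case with a sane resolver.
SAMPLE_LOG = """\
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\wpclsp.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{218BF516-6AEE-42FF-9C5D-ACB191527E79}: NameServer = 93.188.164.127,93.188.160.207
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 93.188.164.127,93.188.160.207
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: NameServer = 192.168.1.1
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe (file missing)
O23 - Service: U2VSvr - Unknown owner - C:\\Windows\\system32\\U2VSvr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""


def triage(log_text):
    """Return (section, severity, message) findings for O10/O17/O23 lines, worst first."""
    findings = []
    servers = {}            # resolver IP -> set of registry keys that hard-code it
    lsp_chains = Counter()  # LSP dll path -> number of protocol chains it is in

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O17_RE.match(line):
            for token in m["servers"].split(","):
                servers.setdefault(ip_address(token.strip()), set()).add(m["key"])
        elif m := O10_RE.match(line):
            lsp_chains[m["path"].lower()] += 1
        elif m := O23_RE.match(line):
            name, owner, path = m["name"], m["owner"], m["path"]
            if path.endswith("(file missing)"):
                binary = path.removesuffix("(file missing)").strip()
                findings.append(("O23", "LOW", f"orphaned service '{name}': {binary} is missing; delete the entry"))
            elif owner == "Unknown owner":
                findings.append(("O23", "MEDIUM", f"service '{name}' runs {path} with no vendor; verify its Authenticode signature"))

    for ip, keys in servers.items():
        if any(ip in net for net in KNOWN_ROGUE_DNS):
            sev, why = "HIGH", "is in a known DNSChanger rogue-resolver range"
        elif ip not in EXPECTED_RESOLVERS:
            sev, why = "MEDIUM", "is not an expected resolver"
        else:
            continue
        # CS1/CS2 are the saved control sets; a value there also survives
        # booting with "Last Known Good Configuration".
        saved = sorted({k.split("\\")[2] for k in keys if "\\CS" in k})
        note = f"; also in saved control set(s) {', '.join(saved)}" if saved else ""
        findings.append(("O17", sev, f"NameServer {ip} {why}, hard-coded in {len(keys)} Tcpip key(s){note}"))

    for path, n in lsp_chains.items():
        base = path.rsplit("\\", 1)[-1]
        if base in KNOWN_LSP:
            findings.append(("O10", "INFO", f"LSP {path} is {KNOWN_LSP[base]}, in {n} chain(s); confirm it is signed"))
        else:
            findings.append(("O10", "MEDIUM", f"unrecognised LSP {path} in {n} chain(s); a hijacked LSP can break updates"))

    findings.sort(key=lambda f: (SEVERITY_ORDER[f[1]], f[0], f[2]))
    return findings


if __name__ == "__main__":
    for section, severity, message in triage(SAMPLE_LOG):
        print(f"{severity:<6} {section}  {message}")
```

Run it on a saved hijackthis.log by replacing SAMPLE_LOG with the file contents; both of the addresses from the log above land in the 93.188.160.0/21 range and come out as HIGH, with the note that CS1 carries them too, which is why a "Last Known Good" boot would not clear them.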



#2 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 24 October 2010 - 10:04 AM

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs through PM, so don't bother to post me one. If you have problems, create a thread in the forum, please.
Don't post your log into another user's topic; create a new one.

Provided removal instructions are meant to be used in the corresponding user's case only.

Please use the "Reply to this topic" button while replying.

#3 Eric Simon McDonald (Member, 12 posts)

Posted 25 October 2010 - 05:11 AM

Thank you for responding.
The requested files are attached.

Attached Files



#4 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 25 October 2010 - 07:12 AM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

#5 Eric Simon McDonald (Member, 12 posts)

Posted 26 October 2010 - 01:07 AM

I am unable to get Combofix to run on my computer. I have disabled all firewalls, anti-spyware, virus protection, etc...

#6 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 26 October 2010 - 06:44 AM

Hi,

Please rename the ComboFix.exe file to Anything.exe and try to run it (protection disabled).

#7 Eric Simon McDonald (Member, 12 posts)

Posted 27 October 2010 - 07:47 AM

Renamed ComboFix.exe. This allowed the program to initially run. I went through it as described in the link you sent. However, after the registry backup was created, it would say it was beginning to scan the computer, but would not scan after being given a sufficient amount of time (2+ hours). It never got to the step where it went through multiple stages. It stopped after the text read that it could take double the time on highly infected machines (or something close to that).

- esm

#8 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 27 October 2010 - 08:51 AM

Hi,

Get a fresh version of ComboFix and try to run it renamed in safe mode.

#9 Eric Simon McDonald (Member, 12 posts)

Posted 28 October 2010 - 09:54 AM

Worked in safe mode.

combofix.txt and dds.txt attached

Attached Files



#10 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 28 October 2010 - 10:47 AM

Hi again,

Uninstall old Adobe Reader versions and get the latest one (9.4) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 22.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report & a fresh dds.txt log.

#11 Eric Simon McDonald (Member, 12 posts)

Posted 29 October 2010 - 08:36 AM

Unable to run the Kaspersky scan.

It needs Java framework 1.6 or higher.
Uninstalled all old Java and installed the latest version.
Downloaded JMF 2.2.1e, but it still doesn't work.
Tried in safe mode as well.

Attached are latest DDS files

Attached Files



#12 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 29 October 2010 - 06:47 PM

Let's try another scanner instead.

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish. Post back the report (if anything found). Let me also know if the original issue still exists.


#13 Eric Simon McDonald (Member, 12 posts)

Posted 31 October 2010 - 01:26 AM

So the scanner ran, but did not detect anything. I can now update AdAware.

However,

I cannot run Spybot S&D, Malwarebytes' Anti-Malware, or SpywareBlaster. I have also had the blue screen of death 3 times now (the latest today).

I was able to obtain a free year of McAfee. It detected 102 issues.

All 102 issues read:

SUSP_IRP_MJ_CREATE Status: Unable to delete

Full Path:
SUSP_IRP_MJ_CREATE

Threats Detected:
TDSS.c!mem (Trojan)

Thank You
-esm

#14 Blade81 (Advanced Member, Volunteer Security Advisor, 6582 posts)

Posted 31 October 2010 - 11:22 AM

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?


#15 Eric Simon McDonald (Member, 12 posts)

Posted 31 October 2010 - 10:03 PM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E408000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7065600 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8243B000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8243B000 PnpManager 3903488 bytes
0x8243B000 RAW 3903488 bytes
0x8243B000 WMIxWDM 3903488 bytes
0x99E10000 Win32k 2109440 bytes
0x99E10000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x90200000 C:\Windows\system32\drivers\RTKVHDA.sys 1638400 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9040B000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x8840D000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x83006000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8320F000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D6000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAD0D0000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xABE05000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8EAC5000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8EB72000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8335A000 C:\Windows\system32\DRIVERS\athr.sys 528384 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8060D000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82ABC000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xABF0C000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82A50000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xAD082000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x90D1D000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x8073F000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90C06000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80696000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80495000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8EE34000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x82B50000 C:\Windows\system32\DRIVERS\TdxVgaMini.sys 253952 bytes (Magic Control Technology Corp., TARGUS USB 2.0 VGA DOCK DEVICE DRIVER)
0x83177000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x82BAF000 C:\Windows\system32\DRIVERS\TdxMrMini.sys 249856 bytes (Magic Control Technology Corp., TARGUS USB 2.0 VGA DOCK DEVICE DRIVER)
0x90C9C000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8313C000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAD009000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8851D000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8EF50000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83326000 C:\Windows\system32\DRIVERS\yk60x86.sys 212992 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x82408000 ACPI_HAL 208896 bytes
0x82408000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82A0E000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8EF96000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8EE05000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8079E000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x90390000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x83111000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8EF0F000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xABEC5000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x831D8000 C:\Windows\system32\DRIVERS\Apfiltr.sys 163840 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xAD05A000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8856D000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x905C4000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x806ED000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x805D4000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x903BD000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90CF9000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8EEA2000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x90D93000 C:\Windows\system32\DRIVERS\ATSwpDrv.sys 135168 bytes (AuthenTec, Inc., Slide Fingerprint USB Driver)
0x885A5000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x82B8E000 C:\Windows\system32\DRIVERS\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xABFC4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x805B6000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xABF79000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x832F9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8EFDA000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xABF96000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x82B38000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAD042000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90CE2000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EE80000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x903E2000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xABFE3000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xAD1C4000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x90C57000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x905AE000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xABFAF000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8EEE8000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8EED4000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x905EB000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x831C5000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x90536000 C:\Windows\system32\DRIVERS\MOBK755.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0xABEF9000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90C89000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8EFC8000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0x88594000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8EF85000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82A40000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x90DC3000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xABEB5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807CB000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x831B5000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8EEFD000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x83317000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x82AAD000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x90DEC000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8855E000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80714000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8EEC5000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x833E6000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80730000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x83200000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9A050000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x90C6D000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x90C7B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90597000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80790000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x90D68000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90529000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8EF43000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80689000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAD1E8000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xAD1B8000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90570000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EB66000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x90D75000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x833F5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0xAD1DA000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x82B2D000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x9058C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EE97000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8EE75000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x885F1000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x833DB000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80726000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x90D80000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x90DD3000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x807F5000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8EF39000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xABEEF000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90CD8000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAD1AE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x90400000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0xAD1F4000 C:\Windows\system32\DRIVERS\WSDPrint.sys 40960 bytes (Microsoft Corporation, Web Services Print Device Driver)
0x885C6000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x90549000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90DBA000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAD000000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x807EC000 C:\Windows\system32\DRIVERS\o2media.sys 36864 bytes (O2Micro , o2media)
0x807E3000 C:\Windows\system32\DRIVERS\o2sd.sys 36864 bytes (O2Micro , O2Micro SD Reader Driver)
0x905A5000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x90D8A000 C:\Windows\system32\drivers\TdxVGAUSB.sys 36864 bytes (Magic Control Technology Corp., TARGUS USB 2.0 VGA DOCK DEVICE DRIVER)
0x9A030000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88400000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DC000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x90C4E000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x807DB000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x90DE4000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806E5000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9057C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90584000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88556000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90559000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x90569000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80789000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80405000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x90DDD000 C:\Windows\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0x90552000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x90DB4000 C:\Windows\system32\DRIVERS\ADM851X.SYS 24576 bytes (ADMtek Incorporated, ADMtek 851X Series AdapterNDIS 5.0 Miniport Driver)
0x8E402000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x90C00000 C:\Windows\system32\DRIVERS\u2s2kxp.sys 24576 bytes (Magic Control Technology Corp., USB to Serial Converter Driver for WIN2KXP)
0x885FC000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x80723000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x83314000 C:\Windows\system32\drivers\FBIOSDRV.SYS 12288 bytes (FUJITSU LIMITED, Fujitsu BIOS access driver)
0x8E400000 C:\Windows\system32\DRIVERS\FUJ02B1.sys 8192 bytes (FUJITSU LIMITED, WDM driver for FUJ02B1 PnP device)
0x88409000 C:\Windows\system32\DRIVERS\FUJ02E3.sys 8192 bytes (FUJITSU LIMITED, WDM driver for FUJ02E3 PnP device)
0x8EF0D000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x90527000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x86CB7AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x86C1D380 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x807DB000 WARNING: suspicious driver modification [atapi.sys::0x86CB7AEA]
0x6B220000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x8508E900 ] PID: 2576, 1196032 bytes
0x6C4B0000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x8508E900 ] PID: 2576, 143360 bytes
0x6AEE0000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x8508E900 ] PID: 2576, 2375680 bytes
0x6BEC0000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x8508E900 ] PID: 2576, 380928 bytes
0x66F70000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x8508E900 ] PID: 2576, 4476928 bytes
0x68730000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x8508E900 ] PID: 2576, 6197248 bytes
0x6B6A0000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x8508E900 ] PID: 2576, 659456 bytes
0x6B750000 Hidden Image-->System.ni.dll [ EPROCESS 0x8508E900 ] PID: 2576, 671744 bytes
0x6B5D0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x8508E900 ] PID: 2576, 847872 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01B9D.log
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010021.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010021.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010021.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010023.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010023.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010023.wid
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010025.ci
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010025.dir
!-->[Hidden] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles0010025.wid
!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x824E37AA-->824E37B1 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8264B4FA-->82A8306C [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x8262BDA3-->82A83096 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x8264B7BD-->82A83082 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x824669D2-->82A83058 [mfehidk.sys]
[1052]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[1052]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[1052]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[1052]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[1052]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[1052]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[1052]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[1052]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[1052]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[1052]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[1052]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[1052]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[1052]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[1100]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[1100]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[1100]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[1100]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[1100]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[1100]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[1100]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[1100]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[1100]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[1100]svchost.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[1100]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[1100]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x770FD47D-->00000000 [unknown_code_page]
[1100]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x770FFE4B-->00000000 [unknown_code_page]
[1100]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77149139-->00000000 [unknown_code_page]
[1100]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x770FD7DA-->00000000 [unknown_code_page]
[1100]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[1176]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[1176]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[1176]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[1176]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[1176]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[1176]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x770FD47D-->00000000 [unknown_code_page]
[1176]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x770FFE4B-->00000000 [unknown_code_page]
[1176]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77149139-->00000000 [unknown_code_page]
[1176]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x770FD7DA-->00000000 [unknown_code_page]
[1176]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[1240]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[1240]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[1240]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[1240]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[1240]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[1240]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[1248]IndicatorUty.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[124]updatenv.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[1292]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[1292]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[1292]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[1292]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[1292]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[1292]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x770FD47D-->00000000 [unknown_code_page]
[1292]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x770FFE4B-->00000000 [unknown_code_page]
[1292]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77149139-->00000000 [unknown_code_page]
[1292]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x770FD7DA-->00000000 [unknown_code_page]
[1292]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[1364]audiodg.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[1412]SLsvc.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[1520]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[1520]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[1520]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[1520]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[1520]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[1520]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x770FD47D-->00000000 [unknown_code_page]
[1520]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x770FFE4B-->00000000 [unknown_code_page]
[1520]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77149139-->00000000 [unknown_code_page]
[1520]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x770FD7DA-->00000000 [unknown_code_page]
[1520]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[1576]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[1576]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[1576]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[1576]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[1648]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[1648]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[1648]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[1648]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[1648]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[1648]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[1648]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[1648]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[1648]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[1648]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[1648]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[1648]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[1648]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x770FD47D-->00000000 [unknown_code_page]
[1648]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x770FFE4B-->00000000 [unknown_code_page]
[1648]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77149139-->00000000 [unknown_code_page]
[1648]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x770FD7DA-->00000000 [unknown_code_page]
[1648]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[1732]MOBK755backup.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[188]FJSaver.scr-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[1920]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[1920]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[1920]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[1920]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[1920]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[1920]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[2040]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[2040]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[2040]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[2040]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[2040]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[2040]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[2040]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[2040]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[2040]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[2040]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[2040]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[2040]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[2040]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[2068]svchost.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[2068]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[2068]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[2068]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[2068]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[2092]taskeng.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[2264]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[2264]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[2264]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[2264]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[2264]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[2264]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[2636]ApntEx.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[2916]jusched.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[2920]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[2920]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[2920]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[2920]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[2920]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[2920]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[2920]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[2920]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[2920]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[2920]explorer.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[2920]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[2920]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[2920]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[2920]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x770FD47D-->00000000 [unknown_code_page]
[2920]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x770FFE4B-->00000000 [unknown_code_page]
[2920]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77149139-->00000000 [unknown_code_page]
[2920]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x770FD7DA-->00000000 [unknown_code_page]
[2920]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[2944]Apoint.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3012]dwm.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3368]AAWTray.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3444]FUJ02E3.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3480]QuickTouch.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3496]wpcumi.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3516]ehmsas.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3544]Hidfind.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3588]mcagent.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3656]RtHDVCpl.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3716]BtnHnd.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3744]ehtray.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3972]ApMsgFwd.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[3988]DefMgr.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[4052]MOBK755backup.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[648]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [McProxy.dll]
[648]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [McProxy.dll]
[780]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[780]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[780]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[780]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[780]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[780]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[780]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[800]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[800]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[800]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[800]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[808]lsm.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[832]winlogon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[896]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[896]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[896]svchost.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[896]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[992]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77803BA9-->00000000 [unknown_code_page]
[992]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x778039AB-->00000000 [unknown_code_page]
[992]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[992]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x7781391E-->00000000 [unknown_code_page]
[992]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x778089C7-->00000000 [unknown_code_page]
[992]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77817C42-->00000000 [unknown_code_page]
[992]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77827BA1-->00000000 [unknown_code_page]
[992]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x7781E2B5-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7725CE5F-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7725AECB-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x77212EF5-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77215C0C-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77238E6E-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77211C28-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7725903B-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x772119C9-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77211929-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x772394DC-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x772394B4-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x77239109-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x77239362-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7723DBDA-->00000000 [unknown_code_page]
[992]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x772A5CF7-->00000000 [unknown_code_page]
[992]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[992]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77A94494-->00000000 [unknown_code_page]
[992]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77A94D34-->00000000 [unknown_code_page]
[992]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
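The hook lines above are a lot to read by eye, so here is an added example (not the scanner's code, and not something posted in this thread) that turns a pasted block of them into a per-process summary. It parses the `[pid]process-->module-->api, Type: ... 0xSRC-->DST [tag]` layout, counts hooks whose jump target the scanner could not attribute to any module (`00000000 [unknown_code_page]`), and reports how many processes carry each hooked API. The `SENSITIVE` process list is an assumption made for this example; the sample input copies ten of the lines above and adds two constructed ones for contrast.

```python
"""Triage of user-mode inline-hook report lines.

Added example for this thread; it is not the scanner's own code. It parses the
"[pid]process-->module-->api, Type: ... 0xSRC-->DST [tag]" lines posted above,
groups them per process and flags hooks whose jump target the scanner could not
attribute to any loaded module ("unknown_code_page").
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<module>.+?)-->(?P<api>[^,]+),"
    r"\s*Type:\s*(?P<type>.+?)\s+0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+)"
    r"(?:\s*\[(?P<tag>[^\]]*)\])?\s*$"
)

# Assumption made for this example: processes whose hooks always deserve a look,
# because a hook there sees credentials, service control or logon traffic.
SENSITIVE = {"lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}


def parse_hook(line):
    """Parse one hook line into a dict, or return None for any other line."""
    m = HOOK_RE.match(line)
    if not m:
        return None
    h = m.groupdict()
    h["pid"] = int(h["pid"])
    # A zero target or an unknown_code_page tag means the scanner could not map
    # the jump destination to any module on disk: the trampoline lives in
    # anonymous memory, which is what injected hooks look like.
    h["unattributed"] = int(h["dst"], 16) == 0 or h["tag"] == "unknown_code_page"
    return h


def parse_report(text):
    """All hook records in a pasted report, skipping headers and other lines."""
    return [h for h in map(parse_hook, text.splitlines()) if h]


def hook_prevalence(hooks):
    """Number of distinct processes carrying each (module, api) hook.

    A hook present in nearly every process is system-wide (an injected DLL, a
    HIPS shim or a rootkit component); one seen in a single process is local.
    """
    pids = defaultdict(set)
    for h in hooks:
        pids[(h["module"].lower(), h["api"])].add(h["pid"])
    return {site: len(p) for site, p in pids.items()}


def triage(text):
    """Per-process summary, sensitive processes first, then by unattributed hooks."""
    per_pid = {}
    for h in parse_report(text):
        s = per_pid.setdefault(h["pid"], {
            "pid": h["pid"], "process": h["proc"], "hooks": 0,
            "unattributed": 0, "modules": set(),
            "sensitive": h["proc"].lower() in SENSITIVE,
        })
        s["hooks"] += 1
        s["unattributed"] += h["unattributed"]
        s["modules"].add(h["module"].lower())
    rows = sorted(per_pid.values(),
                  key=lambda s: (not s["sensitive"], -s["unattributed"], s["pid"]))
    for s in rows:
        s["modules"] = sorted(s["modules"])
    return rows


# Sample input: the first ten lines are copied from the report above; the last
# two are constructed, one hook attributed to a named DLL and one non-hook line.
SAMPLE = r"""[780]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77211DC3-->00000000 [unknown_code_page]
[780]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[780]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x77B736D1-->00000000 [unknown_code_page]
[800]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x778141F1-->00000000 [unknown_code_page]
[800]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77211BF3-->00000000 [unknown_code_page]
[800]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[808]lsm.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[832]winlogon.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[896]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->00000000 [unknown_code_page]
[896]svchost.exe-->mswsock.dll-->WSPStartup, Type: Inline - RelativeJump 0x76048620-->00000000 [unknown_code_page]
[4321]example.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77A943D4-->10001234 [C:\Program Files\Example\hook.dll]
---- end of hooks ----
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f'{row["pid"]:>5} {row["process"]:<14} hooks={row["hooks"]} '
              f'unattributed={row["unattributed"]} sensitive={row["sensitive"]}')
    sites = hook_prevalence(parse_report(SAMPLE))
    for site, n in sorted(sites.items(), key=lambda kv: -kv[1]):
        print(f"{n} processes: {site[0]}!{site[1]}")
```

Two caveats when reading the output. First, the hooked address for a given API is the same in every process (for example `0x77A943D4` for `NtCreateFile`) because Vista randomises DLL load addresses once per boot rather than per process, so identical addresses say nothing by themselves. Second, inline hooks on exactly this family of APIs (CreateFile, CreateProcess, LoadLibrary, VirtualProtect, RegCreateKey, socket) in every process are also what host intrusion prevention and buffer-overflow protection products install, so a hook list is a triage input, not a verdict; the TDSSKiller result later in the thread is what actually identifies the rootkit.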

#16 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 01 November 2010 - 07:35 AM

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#17 Eric Simon McDonald

Eric Simon McDonald

    Member

  • Members
  • PipPip
  • 12 posts

Posted 06 November 2010 - 10:11 PM

I could not find the log file.

However, McAfee does not detect the TDSS.

Also I am no longer being redirected to websites online and there are no longer any pop ups/unders.

I can run and update all anti spyware.

Computer is still running a little slow, but not too bad.

Thanks for your help.

#18 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 06 November 2010 - 10:15 PM

I could not find the log file.

Did you run TDSSKiller? If you did there should be a log there.

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
DIR c:\*.txt >Log.txt
START Log.txt
DEL %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

#19 Eric Simon McDonald

Eric Simon McDonald

    Member

  • Members
  • PipPip
  • 12 posts

Posted 08 November 2010 - 03:44 AM

Volume in drive C has no label.
Volume Serial Number is A6DC-BB97

Directory of c:\

04/18/2010 04:09 PM 192 BnetLog.txt
10/27/2010 11:42 PM 12,907 ComboFix.txt
11/01/2010 12:36 PM 64,308 TDSSKiller.2.4.5.1_01.11.2010_13.35.02_log.txt
11/01/2010 12:51 PM 62,470 TDSSKiller.2.4.5.1_01.11.2010_13.49.57_log.txt
4 File(s) 139,877 bytes
0 Dir(s) 57,285,230,592 bytes free
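Posts #16 through #19 are about finding the TDSSKiller log by its `UtilityName.Version_Date_Time_log.txt` name, and the log posted next shows the two lines that matter in it: a `Suspicious file (Forged)` line giving two different MD5s for one driver, followed by a `- detected` line naming the rootkit. Two hashes for the same path means the tool read the file two ways and got two different contents, which a clean disk cannot produce and a disk-filtering rootkit produces by design. The following is an added example, not TDSSKiller's code and not something the posters ran: it picks the newest log out of a DIR listing by parsing the timestamp in the file name, then joins the enumeration, forged-file and detection lines into one record per bad driver. The sample inputs are constructed from the DIR output above and the log excerpt in the next post.

```python
"""Find the newest TDSSKiller log and pull its verdicts out.

Added example for this thread; it is not TDSSKiller's code and not something
the posters ran. It understands the TDSSKiller.<version>_<dd.mm.yyyy>_<hh.mm.ss>_log.txt
file name, the per-driver "SERVICE (md5) path" lines, and the two verdict lines
the tool writes for a driver it could not read consistently.
"""
import re
from datetime import datetime

LOG_NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>[\d.]+)_(?P<date>\d{2}\.\d{2}\.\d{4})_"
    r"(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)
# Timestamp prefix shared by every log line: "2010/11/01 13:35:36.0011 "
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(?P<svc>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
FORGED_RE = re.compile(
    TS + r"Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(TS + r"(?P<svc>.+?) - detected (?P<name>\S+) \((?P<n>\d+)\)$")


def parse_log_name(name):
    """Return (version, datetime) for a TDSSKiller log file name, else None."""
    m = LOG_NAME_RE.match(name)
    if not m:
        return None
    when = datetime.strptime(m["date"] + " " + m["time"], "%d.%m.%Y %H.%M.%S")
    return m["ver"], when


def newest_log(dir_listing):
    """Most recent TDSSKiller log named in a DIR listing (file name is the last token)."""
    best = None
    for line in dir_listing.splitlines():
        parts = line.split()
        if not parts:
            continue
        parsed = parse_log_name(parts[-1])
        if parsed and (best is None or parsed[1] > best[1]):
            best = (parts[-1], parsed[1])
    return best[0] if best else None


def triage(log_text):
    """Join enumeration, forged-file and detection lines into one record per bad driver."""
    drivers = {}   # lower-cased path -> (service name, md5 on the enumeration line)
    forged = {}    # lower-cased path -> (real md5, fake md5)
    detected = {}  # service name -> detection name
    for line in log_text.splitlines():
        if m := DRIVER_RE.match(line):
            drivers[m["path"].lower()] = (m["svc"], m["md5"])
        elif m := FORGED_RE.match(line):
            forged[m["path"].lower()] = (m["real"], m["fake"])
        elif m := DETECTED_RE.match(line):
            detected[m["svc"]] = m["name"]
    findings = []
    for path, (real, fake) in forged.items():
        svc, listed_md5 = drivers.get(path, (None, None))
        findings.append({
            "service": svc,
            "path": path,
            "real_md5": real,
            "fake_md5": fake,
            "detection": detected.get(svc),
            # Which of the two hashes the ordinary enumeration line reported;
            # the other one is the content that view of the file never showed.
            "listed_matches": "real" if listed_md5 == real else "fake" if listed_md5 == fake else None,
        })
    return {"drivers_enumerated": len(drivers), "findings": findings}


# Constructed from the DIR output and the log excerpt posted in this thread.
DIR_LISTING = """\
04/18/2010 04:09 PM 192 BnetLog.txt
10/27/2010 11:42 PM 12,907 ComboFix.txt
11/01/2010 12:36 PM 64,308 TDSSKiller.2.4.5.1_01.11.2010_13.35.02_log.txt
11/01/2010 12:51 PM 62,470 TDSSKiller.2.4.5.1_01.11.2010_13.49.57_log.txt
4 File(s) 139,877 bytes
"""
SAMPLE_LOG = r"""2010/11/01 13:35:35.0949 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/11/01 13:35:36.0011 RDPENCDD (16e5f7d375e18b1685c166b2638818f6) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/01 13:35:36.0011 Suspicious file (Forged): C:\Windows\system32\drivers\rdpencdd.sys. Real md5: 16e5f7d375e18b1685c166b2638818f6, Fake md5: 9d91fe5286f748862ecffa05f8a0710c
2010/11/01 13:35:36.0027 RDPENCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/01 13:35:36.0136 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
"""

if __name__ == "__main__":
    print("newest log:", newest_log(DIR_LISTING))
    for f in triage(SAMPLE_LOG)["findings"]:
        print(f'{f["service"]}: {f["detection"]} at {f["path"]} '
              f'(real {f["real_md5"]}, fake {f["fake_md5"]})')
```

The join on the service name matters in practice: the detection line names the service (`RDPENCDD`), the forged line names the path, and only the enumeration line carries both, so a grep for `detected` alone would tell you what was found but not which file to restore or compare against a known-good copy.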

#20 Eric Simon McDonald

Eric Simon McDonald

    Member

  • Members
  • PipPip
  • 12 posts

Posted 08 November 2010 - 03:47 AM

found it.

2010/11/01 13:35:02.0643 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/01 13:35:02.0643 ================================================================================
2010/11/01 13:35:02.0643 SystemInfo:
2010/11/01 13:35:02.0643
2010/11/01 13:35:02.0643 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/01 13:35:02.0643 Product type: Workstation
2010/11/01 13:35:02.0643 ComputerName: ERIC-PC
2010/11/01 13:35:02.0643 UserName: Eric
2010/11/01 13:35:02.0643 Windows directory: C:\Windows
2010/11/01 13:35:02.0643 System windows directory: C:\Windows
2010/11/01 13:35:02.0643 Processor architecture: Intel x86
2010/11/01 13:35:02.0643 Number of processors: 2
2010/11/01 13:35:02.0643 Page size: 0x1000
2010/11/01 13:35:02.0643 Boot type: Normal boot
2010/11/01 13:35:02.0643 ================================================================================
2010/11/01 13:35:08.0992 Initialize success
2010/11/01 13:35:12.0689 ================================================================================
2010/11/01 13:35:12.0689 Scan started
2010/11/01 13:35:12.0689 Mode: Manual;
2010/11/01 13:35:12.0689 ================================================================================
2010/11/01 13:35:14.0046 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/11/01 13:35:14.0155 ADM851X (18b9e3affff9a3e65c4bce114fca297c) C:\Windows\system32\DRIVERS\ADM851X.SYS
2010/11/01 13:35:14.0483 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/11/01 13:35:14.0577 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/11/01 13:35:14.0655 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/11/01 13:35:14.0717 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/11/01 13:35:14.0889 ADVNTDRV (e341a95c1329e272782b2baecc64316a) C:\Windows\System32\drivers\ADVNTDRV.SYS
2010/11/01 13:35:15.0029 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/11/01 13:35:15.0403 AgereSoftModem (2e3abaacbf547abbb5e73a504a56d05a) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/11/01 13:35:15.0591 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/11/01 13:35:15.0653 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/01 13:35:15.0715 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/11/01 13:35:15.0778 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/11/01 13:35:15.0825 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/11/01 13:35:15.0949 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/11/01 13:35:16.0012 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/11/01 13:35:16.0105 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/11/01 13:35:16.0277 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/11/01 13:35:16.0339 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/11/01 13:35:16.0464 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/01 13:35:16.0558 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/11/01 13:35:16.0683 athr (889e7f06279fd16549b77628918ff666) C:\Windows\system32\DRIVERS\athr.sys
2010/11/01 13:35:16.0776 ATSWPDRV (fb2162aff83d519cd77431a1bc5ee0ed) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
2010/11/01 13:35:16.0948 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/01 13:35:17.0151 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/01 13:35:17.0244 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/01 13:35:17.0353 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/01 13:35:17.0431 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/01 13:35:17.0634 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/01 13:35:17.0712 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/01 13:35:17.0806 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/01 13:35:17.0931 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/11/01 13:35:18.0102 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/01 13:35:18.0211 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/01 13:35:18.0367 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\Windows\system32\drivers\cfwids.sys
2010/11/01 13:35:18.0445 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/11/01 13:35:18.0539 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/11/01 13:35:18.0742 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/01 13:35:18.0804 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/11/01 13:35:18.0913 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/01 13:35:19.0116 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/01 13:35:19.0241 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/11/01 13:35:19.0381 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/11/01 13:35:19.0553 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/11/01 13:35:19.0678 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2010/11/01 13:35:19.0756 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/11/01 13:35:19.0912 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2010/11/01 13:35:19.0990 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/11/01 13:35:20.0068 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/01 13:35:20.0208 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/01 13:35:20.0380 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/01 13:35:20.0489 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/11/01 13:35:20.0645 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/11/01 13:35:20.0832 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/11/01 13:35:20.0941 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/11/01 13:35:21.0066 FBIOSDRV (f64b86a52fb20686954703a6f7a955d5) C:\Windows\system32\drivers\FBIOSDRV.SYS
2010/11/01 13:35:21.0129 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/01 13:35:21.0269 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/01 13:35:21.0347 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/01 13:35:21.0441 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/01 13:35:21.0503 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/11/01 13:35:21.0628 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/01 13:35:21.0737 FUJ02B1 (49e588ac7d2b57f057756a91c6f36d25) C:\Windows\system32\DRIVERS\FUJ02B1.sys
2010/11/01 13:35:21.0831 FUJ02E3 (d45474a7e5e2f35150c29a3193747884) C:\Windows\system32\DRIVERS\FUJ02E3.sys
2010/11/01 13:35:21.0893 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/01 13:35:22.0002 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/11/01 13:35:22.0096 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/11/01 13:35:22.0205 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/01 13:35:22.0345 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/01 13:35:22.0408 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/01 13:35:22.0486 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/01 13:35:22.0548 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/11/01 13:35:22.0689 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/11/01 13:35:22.0876 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/11/01 13:35:23.0016 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/01 13:35:23.0157 ialm (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/11/01 13:35:23.0344 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/11/01 13:35:23.0500 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/11/01 13:35:23.0593 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/01 13:35:23.0781 IntcAzAudAddService (67e40fa2e4f2b70e8b3c8597a38f3a49) C:\Windows\system32\drivers\RTKVHDA.sys
2010/11/01 13:35:24.0124 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/11/01 13:35:24.0202 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/01 13:35:24.0420 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/01 13:35:24.0607 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/01 13:35:24.0685 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/01 13:35:24.0795 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/01 13:35:24.0873 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/11/01 13:35:24.0997 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/01 13:35:25.0075 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/01 13:35:25.0169 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/01 13:35:25.0247 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/01 13:35:25.0372 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/01 13:35:25.0481 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/01 13:35:25.0684 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/11/01 13:35:25.0824 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2010/11/01 13:35:25.0902 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/01 13:35:26.0011 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/01 13:35:26.0074 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/01 13:35:26.0230 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/01 13:35:26.0308 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/01 13:35:26.0542 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/11/01 13:35:26.0682 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\Windows\system32\drivers\mfeapfk.sys
2010/11/01 13:35:26.0791 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\Windows\system32\drivers\mfeavfk.sys
2010/11/01 13:35:26.0932 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\Windows\system32\drivers\mfebopk.sys
2010/11/01 13:35:27.0072 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\Windows\system32\drivers\mfefirek.sys
2010/11/01 13:35:27.0197 mfehidk (32f7298664874715ce469a79078853c4) C:\Windows\system32\drivers\mfehidk.sys
2010/11/01 13:35:27.0291 mfenlfk (e920bfd5837aed4aef903cf1c7d3949e) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/11/01 13:35:27.0369 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\Windows\system32\drivers\mferkdet.sys
2010/11/01 13:35:27.0525 mfewfpk (dcfbf068951fb4086c6aef99c6330516) C:\Windows\system32\drivers\mfewfpk.sys
2010/11/01 13:35:27.0712 MOBK755Filter (720f2e1759526ec6d6d95cb284cf62d9) C:\Windows\system32\DRIVERS\MOBK755.sys
2010/11/01 13:35:27.0790 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/01 13:35:27.0930 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/01 13:35:28.0039 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/01 13:35:28.0117 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/01 13:35:28.0211 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/01 13:35:28.0336 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/11/01 13:35:28.0461 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/01 13:35:28.0539 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/01 13:35:28.0632 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/01 13:35:28.0757 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/01 13:35:28.0819 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/01 13:35:28.0897 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/01 13:35:28.0975 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2010/11/01 13:35:29.0069 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/11/01 13:35:29.0225 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/01 13:35:29.0303 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/01 13:35:29.0412 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/01 13:35:29.0521 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/01 13:35:29.0631 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/01 13:35:29.0740 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/11/01 13:35:29.0849 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/01 13:35:29.0927 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/01 13:35:30.0083 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/11/01 13:35:30.0286 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/01 13:35:30.0457 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/11/01 13:35:30.0567 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/01 13:35:30.0645 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/01 13:35:30.0785 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/01 13:35:30.0847 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/01 13:35:30.0957 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/01 13:35:31.0081 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/01 13:35:31.0534 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2010/11/01 13:35:31.0721 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/01 13:35:31.0877 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/11/01 13:35:32.0002 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/01 13:35:32.0236 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/11/01 13:35:32.0470 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/01 13:35:32.0610 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/11/01 13:35:32.0719 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/01 13:35:32.0782 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/11/01 13:35:32.0860 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/11/01 13:35:32.0922 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/11/01 13:35:33.0172 O2MDRDR (f4aa04f7ba01d54b31f14841386cc60b) C:\Windows\system32\DRIVERS\o2media.sys
2010/11/01 13:35:33.0234 O2SDRDR (bfd27594e1ff49ddff3c23dae246ad44) C:\Windows\system32\DRIVERS\o2sd.sys
2010/11/01 13:35:33.0343 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/01 13:35:33.0468 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/11/01 13:35:33.0593 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/11/01 13:35:33.0655 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/11/01 13:35:33.0733 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/11/01 13:35:33.0936 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/11/01 13:35:34.0061 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/01 13:35:34.0186 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/01 13:35:34.0529 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/01 13:35:34.0685 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/11/01 13:35:34.0841 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/01 13:35:34.0950 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/11/01 13:35:35.0106 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/01 13:35:35.0200 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/01 13:35:35.0262 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/01 13:35:35.0371 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/01 13:35:35.0527 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/01 13:35:35.0621 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/01 13:35:35.0715 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/01 13:35:35.0824 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/01 13:35:35.0949 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/11/01 13:35:36.0011 RDPENCDD (16e5f7d375e18b1685c166b2638818f6) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/01 13:35:36.0011 Suspicious file (Forged): C:\Windows\system32\drivers\rdpencdd.sys. Real md5: 16e5f7d375e18b1685c166b2638818f6, Fake md5: 9d91fe5286f748862ecffa05f8a0710c
2010/11/01 13:35:36.0027 RDPENCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/01 13:35:36.0136 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/01 13:35:36.0292 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/01 13:35:36.0417 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/01 13:35:36.0573 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/01 13:35:36.0666 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/01 13:35:36.0775 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/01 13:35:36.0900 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2010/11/01 13:35:36.0963 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/01 13:35:37.0087 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/11/01 13:35:37.0150 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/01 13:35:37.0212 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/01 13:35:37.0306 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/11/01 13:35:37.0384 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/11/01 13:35:37.0462 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/11/01 13:35:37.0540 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/11/01 13:35:37.0727 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/11/01 13:35:37.0852 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/01 13:35:37.0961 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/01 13:35:38.0055 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/01 13:35:38.0164 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/01 13:35:38.0320 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/01 13:35:38.0398 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/01 13:35:38.0460 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/01 13:35:38.0554 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/01 13:35:38.0710 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/01 13:35:38.0959 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/01 13:35:39.0069 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/01 13:35:39.0162 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/01 13:35:39.0225 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/01 13:35:39.0318 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/01 13:35:39.0474 TdxMrMINI (166fdd73d12db308e353b9e235056eb0) C:\Windows\system32\DRIVERS\TdxMrMini.sys
2010/11/01 13:35:39.0599 TdxVGAMINI (f3d0f7fccf4a3780cc9d21204038b211) C:\Windows\system32\DRIVERS\TdxVgaMini.sys
2010/11/01 13:35:39.0708 TdxVGAUSB (09077177bd24869864e14a6bb8a862f7) C:\Windows\system32\drivers\TdxVGAUSB.sys
2010/11/01 13:35:39.0802 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/01 13:35:39.0927 tosrfbd (ce378f952a16fbfe355126d90d8f42e8) C:\Windows\system32\DRIVERS\tosrfbd.sys
2010/11/01 13:35:40.0036 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2010/11/01 13:35:40.0098 tosrfusb (20cc46c5d3326122e1a0a8c9dad00e0d) C:\Windows\system32\DRIVERS\tosrfusb.sys
2010/11/01 13:35:40.0192 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/01 13:35:40.0317 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/01 13:35:40.0426 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/01 13:35:40.0519 U2SP (228d8e60bc9c5238587b0bf1654ec580) C:\Windows\system32\DRIVERS\u2s2kxp.sys
2010/11/01 13:35:40.0629 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/11/01 13:35:40.0769 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/01 13:35:40.0894 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/01 13:35:40.0956 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/11/01 13:35:41.0034 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/01 13:35:41.0128 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/01 13:35:41.0221 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/01 13:35:41.0346 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/11/01 13:35:41.0440 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/01 13:35:41.0549 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/01 13:35:41.0627 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/01 13:35:41.0689 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/01 13:35:41.0799 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/11/01 13:35:41.0908 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/01 13:35:42.0001 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/01 13:35:42.0079 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/01 13:35:42.0204 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/01 13:35:42.0329 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/01 13:35:42.0407 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/01 13:35:42.0501 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/11/01 13:35:42.0563 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/11/01 13:35:42.0735 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/11/01 13:35:42.0828 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/01 13:35:42.0953 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/01 13:35:43.0047 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/01 13:35:43.0125 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/11/01 13:35:43.0234 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/01 13:35:43.0327 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/01 13:35:43.0359 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/01 13:35:43.0483 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/11/01 13:35:43.0561 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/01 13:35:43.0920 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/11/01 13:35:44.0045 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/01 13:35:44.0154 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/01 13:35:44.0232 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/11/01 13:35:44.0373 wtpfiltr (265c7ef841a1a690faa389864fabdda5) C:\Windows\system32\drivers\wtpfiltr.sys
2010/11/01 13:35:44.0482 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/01 13:35:44.0591 yukonwlh (69222091b6285906aff82e43681cf826) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/11/01 13:35:44.0856 ================================================================================
2010/11/01 13:35:44.0856 Scan finished
2010/11/01 13:35:44.0856 ================================================================================
2010/11/01 13:35:44.0872 Detected object count: 1
2010/11/01 13:36:00.0893 RDPENCDD (16e5f7d375e18b1685c166b2638818f6) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/01 13:36:00.0893 Suspicious file (Forged): C:\Windows\system32\drivers\rdpencdd.sys. Real md5: 16e5f7d375e18b1685c166b2638818f6, Fake md5: 9d91fe5286f748862ecffa05f8a0710c
2010/11/01 13:36:01.0735 Backup copy not found, trying to cure infected file..
2010/11/01 13:36:01.0735 Cure success, using it..
2010/11/01 13:36:01.0751 C:\Windows\system32\drivers\rdpencdd.sys - will be cured after reboot
2010/11/01 13:36:01.0751 Rootkit.Win32.TDSS.tdl3(RDPENCDD) - User select action: Cure
2010/11/01 13:36:04.0933 Deinitialize success
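Added example, not part of the post above and not TDSSKiller's own code: a small Python parser for the log format TDSSKiller writes, run over a few lines copied from the log above and embedded as constructed sample input. The entry that matters is "Suspicious file (Forged)": the tool got two different MD5 sums for rdpencdd.sys depending on how it read the file, which is how a TDL3-style infection shows itself, since it filters disk reads to hand back a clean-looking copy of the driver it overwrote. The parser pairs that entry with the driver listing and the "detected" verdict, checks the listed hash against the "Real md5", compares the number of findings with the tool's own "Detected object count", and records that the cure was deferred to a reboot, so whoever triages these logs in bulk knows a post-reboot rescan is still owed. It handles any number of forged entries, not just the one here. The regex names and the `triage`/`summarize` helpers are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the TDSSKiller log above (driver
# listing, the forged-hash finding, the verdict, the summary and the cure
# section) so the parser can run offline.
SAMPLE_LOG = r"""
2010/11/01 13:35:35.0949 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/11/01 13:35:36.0011 RDPENCDD (16e5f7d375e18b1685c166b2638818f6) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/01 13:35:36.0011 Suspicious file (Forged): C:\Windows\system32\drivers\rdpencdd.sys. Real md5: 16e5f7d375e18b1685c166b2638818f6, Fake md5: 9d91fe5286f748862ecffa05f8a0710c
2010/11/01 13:35:36.0027 RDPENCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/01 13:35:36.0136 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/01 13:35:44.0856 Scan finished
2010/11/01 13:35:44.0872 Detected object count: 1
2010/11/01 13:36:00.0893 RDPENCDD (16e5f7d375e18b1685c166b2638818f6) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/01 13:36:00.0893 Suspicious file (Forged): C:\Windows\system32\drivers\rdpencdd.sys. Real md5: 16e5f7d375e18b1685c166b2638818f6, Fake md5: 9d91fe5286f748862ecffa05f8a0710c
2010/11/01 13:36:01.0733 Backup copy not found, trying to cure infected file..
2010/11/01 13:36:01.0751 C:\Windows\system32\drivers\rdpencdd.sys - will be cured after reboot
2010/11/01 13:36:01.0751 Rootkit.Win32.TDSS.tdl3(RDPENCDD) - User select action: Cure
2010/11/01 13:36:04.0933 Deinitialize success
"""

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
# "<ts> <service> (<md5>) <path>"  : one line per loaded driver
DRIVER_RE = re.compile(rf"^{TS} (?P<name>\S+) \((?P<md5>[0-9a-fA-F]{{32}})\) (?P<path>.+)$")
# "<ts> Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(
    rf"^{TS} Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
    rf"(?P<real>[0-9a-fA-F]{{32}}), Fake md5: (?P<fake>[0-9a-fA-F]{{32}})$")
# "<ts> <service> - detected <verdict> (<n>)"
DETECT_RE = re.compile(rf"^{TS} (?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
# "<ts> <path> - will be cured after reboot"
CURE_RE = re.compile(rf"^{TS} (?P<path>.+) - will be cured after reboot$")
COUNT_RE = re.compile(rf"^{TS} Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str                      # service name from the listing line
    path: str
    listed_md5: str                # hash printed on the listing line
    real_md5: str                  # from the "Suspicious file (Forged)" line
    fake_md5: str
    verdict: Optional[str] = None  # e.g. Rootkit.Win32.TDSS.tdl3

    @property
    def hashes_differ(self) -> bool:
        return self.real_md5 != self.fake_md5


def triage(text: str) -> dict:
    """Parse one TDSSKiller log and return the forged-file findings plus sanity data."""
    listed: Dict[str, tuple] = {}   # lower-cased path -> (name, md5)
    forged: Dict[str, tuple] = {}   # lower-cased path -> (real, fake, path as printed)
    verdicts: Dict[str, str] = {}
    pending: List[str] = []
    reported: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            listed[m["path"].lower()] = (m["name"], m["md5"].lower())
            continue
        m = FORGED_RE.match(line)
        if m:
            forged[m["path"].lower()] = (m["real"].lower(), m["fake"].lower(), m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"]
            continue
        m = CURE_RE.match(line)
        if m:
            pending.append(m["path"])
            continue
        m = COUNT_RE.match(line)
        if m:
            reported = int(m["n"])
    findings = []
    for key, (real, fake, path) in forged.items():
        name, md5 = listed.get(key, ("<unlisted>", ""))
        findings.append(Finding(name, path, md5, real, fake, verdicts.get(name)))
    # If the tool's own count differs from what we parsed, the log carries a
    # detection kind this parser does not model, so it must be read by hand.
    return {
        "findings": findings,
        "reported_count": reported,
        "count_consistent": reported is not None and reported == len(findings),
        "pending_reboot": pending,
    }


def summarize(result: dict) -> List[str]:
    """Human-readable triage lines for a ticket or a bulk report."""
    out = []
    for f in result["findings"]:
        out.append(f"{f.name}: {f.path} forged (real {f.real_md5}, fake {f.fake_md5}) "
                   f"listed-hash-matches-real={f.listed_md5 == f.real_md5} verdict={f.verdict}")
    for p in result["pending_reboot"]:
        out.append(f"cure pending reboot, rescan afterwards: {p}")
    if not result["count_consistent"]:
        out.append("WARNING: detected-object count differs from parsed findings; review log manually")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(triage(SAMPLE_LOG))))
```

Run it as-is to see the one RDPENCDD finding and the pending-reboot line; feed it a whole log file via `triage(open(path).read())` for real use. The listed hash matching the "Real md5" is worth keeping as a printed field: it is the quick check that the forged entry and the listing line really describe the same file.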



