Cyber Tech Help Support Forums - Malware Removal
  #1  
Old August 21st, 2014, 10:27 PM
jonboy123
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295
Windows 7 Ultimate PC sluggish

Hi.

I am also getting warnings that firewall and antivirus are turned off when they are both enabled. The pc is really slow to load anything. I suspect some sort of virus or system problem. Could you help with it please.

Thanks

Jon
  #2  
Old August 21st, 2014, 11:32 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello jonboy123,

Let's take a look.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When RogueKiller finishes its opening scan, press the Scan button.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

-----------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.
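The steps above end with an RKreport.txt that the helper has to read by eye. As an added example (not part of the post and not RogueKiller's own code), here is a small triage script for that report layout: it splits the report into its sections, classifies each FOUND line, and singles out the kinds of entries a helper acts on first (a scheduled task running from a Temp folder, a hosts-file entry other than localhost, a resolver that is not a LAN address) from the PUM entries that are usually just defaults. The sample report, the interface GUID and the hosts entries are constructed; 8.8.8.8 (Google Public DNS) is used only as a well-known public resolver.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Tuple

# Constructed sample in the RKreport.txt layout of RogueKiller 9.x: section headers
# "¤¤¤ Name : N ¤¤¤" and findings "[Category.Sub] ... -> FOUND". The interface GUID is a
# placeholder and 8.8.8.8 (Google Public DNS) stands in for "a public resolver".
SAMPLE_REPORT = r"""RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software

¤¤¤ Registry Entries : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000} | NameServer : 8.8.8.8 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\Test TimeTrigger -- C:\Users\Jon\AppData\Local\Temp\Runner.exe (C:\Users\Jon\AppData\Local\Temp\DNS.exe) -> FOUND

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 203.0.113.7 www.example.com

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)")
FINDING_RE = re.compile(r"^\[(?P<tag>[^\]]+)\] (?P<body>.+) -> FOUND$")
HOSTS_RE = re.compile(r"^\[(?P<file>[^\]]+)\] (?P<ip>\S+)\s+(?P<host>\S+)")
NAMESERVER_RE = re.compile(r"NameServer : (?P<ip>[0-9a-fA-F.:]+)")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)  # matches ...\AppData\Local\Temp\...


@dataclass
class Finding:
    section: str
    tag: str
    body: str
    severity: str  # "info": expected/default, "review": confirm with the user, "high": act on it
    reason: str


def _is_local(ip_text: str) -> bool:
    """True for loopback or private (RFC 1918 style) addresses, i.e. a home router's resolver."""
    try:
        ip = ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private


def _classify(section: str, tag: str, body: str) -> Tuple[str, str]:
    """Triage rules for FOUND lines; PUM = potentially unwanted modification, not malware."""
    if tag == "PUM.Dns":
        m = NAMESERVER_RE.search(body)
        if not m:
            return "review", "DNS entry without a parsable address"
        if _is_local(m.group("ip")):
            return "info", f"resolver {m.group('ip')} is a LAN address, expected with a home router"
        return "review", f"resolver {m.group('ip')} is public; confirm it belongs to the ISP"
    if tag == "PUM.Policies":
        if body.rstrip().endswith(": 0"):
            return "info", "policy value 0 is the Windows default (nothing restricted)"
        return "review", "policy restricts a tool; confirm the user set it deliberately"
    if tag == "Suspicious.Path" or section.lower().startswith("scheduled"):
        if TEMP_DIR_RE.search(body):
            return "high", "task launches an executable from a Temp directory"
        return "review", "task runs from an unusual path"
    return "review", "unclassified finding, inspect manually"


def triage(report_text: str) -> List[Finding]:
    """Walk the report section by section and classify every finding line."""
    findings: List[Finding] = []
    section = ""
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        if section.lower().startswith("hosts"):
            h = HOSTS_RE.match(line)
            if h:
                ip, host = h.group("ip"), h.group("host")
                ok = host == "localhost" and _is_local(ip)
                findings.append(Finding(section, "Hosts", line, "info" if ok else "review",
                                        "default localhost entry" if ok else
                                        f"hosts file pins {host} to {ip}; can silently redirect a site"))
            continue
        m = FINDING_RE.match(line)
        if m:
            sev, why = _classify(section, m.group("tag"), m.group("body"))
            findings.append(Finding(section, m.group("tag"), m.group("body"), sev, why))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so the reviewer sees the shape of the report at a glance."""
    counts = {"info": 0, "review": 0, "high": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.section}: {f.tag} -- {f.reason}")
```

Run it against a real RKreport.txt by passing the file's contents to triage(); the Temp-directory rule is the one that would flag the kind of scheduled task a scan like this can turn up.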
  #3  
Old August 22nd, 2014, 11:03 AM
jonboy123
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295

Hi Tom.

Here is the RogueKiller log. I tried to post it using quick reply but it doesn't seem to have gone so did another one. Had to rename it to winlog.exe though to get it to work. It seems to have deleted itself from the desktop also which is weird?


RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Scan -- Date : 08/22/2014 10:09:16

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 21 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83B65331-1D99-42AF-A739-4AA4B4DC3BC4} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{83B65331-1D99-42AF-A739-4AA4B4DC3BC4} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{83B65331-1D99-42AF-A739-4AA4B4DC3BC4} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3285714031-64123788-3120992467-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3285714031-64123788-3120992467-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir...=ie&ar=msnhome -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3285714031-64123788-3120992467-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3285714031-64123788-3120992467-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir...ie&ar=iesearch -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\Test TimeTrigger -- C:\Users\Jon\AppData\Local\Temp\Runner.exe (C:\Users\Jon\AppData\Local\Temp\DNS.exe) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

Here is the OTL log:
OTL logfile created on: 22/08/2014 10:28:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 24.06% Memory free
6.49 Gb Paging File | 4.23 Gb Available in Paging File | 65.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 147.64 Gb Free Space | 31.70% Space Free | Partition Type: NTFS

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/08/22 09:02:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
PRC - [2014/08/15 19:47:50 | 036,414,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/08/07 04:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/07/31 12:26:24 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/07/14 07:45:42 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/06/23 12:15:28 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/06/06 11:27:16 | 000,064,384 | ---- | M] (Google) -- C:\Users\Jon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/12/18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


========== Modules (No Company Name) ==========

MOD - [2014/08/22 08:18:13 | 000,043,008 | ---- | M] () -- c:\Users\Jon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnqwp_d.dll
MOD - [2014/08/15 19:46:08 | 003,610,624 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/08/07 04:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/07 04:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/07 04:20:49 | 000,718,152 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
MOD - [2014/08/07 04:20:47 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
MOD - [2014/08/07 04:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/07/14 07:45:47 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/14 07:45:44 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/06/30 12:24:56 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 20:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Dropbox\bin\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/07/25 14:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/07/14 07:45:42 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/21 10:44:06 | 000,535,552 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\SysNative\HFGService.dll -- (HFGService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/08/07 08:52:52 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Stopped] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/10 03:22:27 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 19:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/16 21:31:34 | 000,443,080 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\GSService.exe -- (GSService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/07/14 07:46:35 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/14 07:45:53 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/14 07:45:52 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/14 07:45:52 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/14 07:45:52 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/14 07:45:52 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/14 07:45:52 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/07/14 07:45:51 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/06/23 12:15:38 | 000,358,616 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/01/23 04:21:06 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/23 04:21:06 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/06/21 01:07:50 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2013/06/21 01:07:50 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2013/06/21 01:07:50 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2013/02/06 07:25:22 | 000,032,064 | ---- | M] (Jaksta Technologies Pty Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jakndis.sys -- (jakndis)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 17:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/12/21 10:43:36 | 000,052,224 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV:64bit: - [2009/12/21 10:43:00 | 000,078,848 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthav.sys -- (csr_a2dp)
DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2007/12/26 03:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV - [2014/08/22 10:01:05 | 000,033,512 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysWOW64\drivers\TrueSight.sys -- (TrueSight)
DRV - [2014/06/30 12:24:48 | 000,631,128 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys -- (RapportCerberus_69108)
DRV - [2014/06/23 12:15:38 | 000,414,296 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/06/23 12:15:38 | 000,299,736 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 29 21 B9 D0 35 CD 01 [binary data]
IE - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/14 07:45:57 | 000,000,000 | ---D | M]

[2012/11/05 20:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\extensions
[2012/11/05 20:40:49 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2014/02/13 16:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: avast! Online Security = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: Skype Click to Call = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: Google Wallet = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2013/06/24 08:30:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\.DEFAULT..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-18..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-3285714031-64123788-3120992467-1001..\Run: [FBEB048EB7CB93125BF492D79DF0C3BC4EB81112._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3285714031-64123788-3120992467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83B65331-1D99-42AF-A739-4AA4B4DC3BC4}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6C5A978-1B40-4B4A-B30D-0897B717EBF6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\Jaksta\AC\x64\jaudcap.dll) - C:\Windows\Jaksta\AC\x64\jaudcap.dll (Jaksta Technologies Pty Ltd)
O20 - AppInit_DLLs: (C:\Windows\Jaksta\AC\x86\jaudcap.dll) - C:\Windows\Jaksta\AC\x86\jaudcap.dll (Jaksta Technologies Pty Ltd)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/23 18:51:58 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  #4  
Old August 22nd, 2014, 11:03 AM
jonboy123 jonboy123 is offline
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295
Windows 7 Ultimate PC sluggish

========== Files/Folders - Created Within 30 Days ==========

[2014/08/22 09:02:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
[2014/08/22 08:41:24 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\CrashDumps
[2014/08/22 08:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/08/21 23:05:43 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/21 23:05:41 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/21 23:05:41 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/21 23:05:41 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/21 23:05:26 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/21 23:05:26 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/21 23:03:07 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/21 23:03:07 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/21 22:52:41 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Jaksta Media Player
[2014/08/21 22:47:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/21 22:47:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/21 22:47:19 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/21 22:47:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/21 22:47:14 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/21 22:47:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/21 22:47:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/21 22:47:02 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/21 22:47:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/21 22:47:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/21 22:46:58 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/21 22:46:55 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/21 22:46:50 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/21 22:46:46 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/21 22:46:46 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/21 22:46:45 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/21 22:46:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/21 22:46:38 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/21 22:46:34 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/21 22:46:33 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/21 22:46:24 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/08/21 22:46:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/21 22:46:14 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/21 22:46:07 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/21 22:46:06 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/21 22:46:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/21 22:46:02 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/21 22:46:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/21 22:46:00 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/21 22:45:58 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/21 22:45:57 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/21 22:45:56 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/21 22:45:49 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/21 22:45:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/21 22:45:42 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/21 21:59:26 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/21 21:52:25 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/21 21:52:17 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/10 09:03:29 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\pangu
[2014/08/10 00:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/10 00:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/10 00:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/10 00:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/08/10 00:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/08/02 09:01:46 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/02 09:01:46 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/02 09:01:45 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/02 09:01:17 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/02 09:01:17 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/02 09:01:16 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/02 09:01:15 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/02 09:01:15 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/02 09:01:14 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/02 09:00:34 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/02 09:00:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/02 09:00:32 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/02 09:00:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/22 10:31:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/22 10:29:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3285714031-64123788-3120992467-1001UA.job
[2014/08/22 10:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/22 10:01:05 | 000,033,512 | ---- | M] () -- C:\Windows\SysWow64\drivers\TrueSight.sys
[2014/08/22 09:02:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
[2014/08/22 08:30:02 | 004,851,288 | ---- | M] () -- C:\Users\Jon\Desktop\winlog.exe
[2014/08/22 08:16:39 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/22 08:16:37 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/22 08:13:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/22 08:08:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/22 08:08:31 | 2615,812,096 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/21 23:03:31 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/21 22:42:27 | 000,001,311 | ---- | M] () -- C:\Users\Public\Desktop\Jaksta Media Player.lnk
[2014/08/21 21:33:45 | 000,001,045 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/08/21 21:32:36 | 000,001,009 | ---- | M] () -- C:\Users\Jon\Desktop\Dropbox.lnk
[2014/08/10 00:08:15 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/09 19:16:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3285714031-64123788-3120992467-1001Core.job
[2014/08/07 03:06:41 | 000,529,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/08/07 03:01:34 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/07/30 10:35:01 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/30 10:35:01 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/30 10:35:01 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/25 15:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/25 14:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/25 14:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/25 14:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/25 14:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/25 14:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/25 14:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/25 14:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/25 14:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/25 13:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/25 13:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 13:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/25 13:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/25 13:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/25 13:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/25 13:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/25 13:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 13:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/25 13:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/25 13:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/25 13:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/25 13:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/25 13:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/25 13:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/25 12:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/25 12:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 12:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/25 12:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/25 12:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/25 12:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/25 12:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/25 12:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/25 12:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/25 11:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/25 11:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/22 08:30:58 | 000,033,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\TrueSight.sys
[2014/08/22 08:30:07 | 004,851,288 | ---- | C] () -- C:\Users\Jon\Desktop\winlog.exe
[2014/08/21 22:42:27 | 000,001,311 | ---- | C] () -- C:\Users\Public\Desktop\Jaksta Media Player.lnk
[2014/08/21 21:33:45 | 000,001,045 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/08/10 00:08:15 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/18 22:57:55 | 000,000,084 | ---- | C] () -- C:\Windows\wininit.ini
[2014/03/01 23:27:20 | 000,003,584 | ---- | C] () -- C:\Users\Jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/30 19:32:13 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2014/01/30 19:32:12 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2014/01/09 20:30:02 | 000,000,108 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\WB.CFG
[2014/01/09 20:30:02 | 000,000,005 | ---- | C] () -- C:\Users\Jon\AppData\Roaming\WBPU-TTL.DAT
[2013/12/29 16:06:59 | 000,443,080 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe
[2013/11/08 17:18:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2013/11/08 15:18:25 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2013/10/07 19:36:02 | 000,000,017 | ---- | C] () -- C:\Users\Jon\AppData\Local\resmon.resmoncfg
[2013/06/25 21:07:12 | 000,044,216 | ---- | C] () -- C:\Users\Jon\AppData\Local\RAContactHistory.xml
[2013/03/29 15:27:03 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/02/16 23:18:51 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/02/05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/05/27 11:57:34 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/19 16:06:12 | 000,000,632 | RHS- | C] () -- C:\Users\Jon\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
  #5  
Old August 22nd, 2014, 11:08 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Nothing really bad so far. Odd DNS settings - do you use a phone tether (or have) to connect to the Internet? Wondering if just Avast is the culprit.



See if you can locate some files to check.

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


Navigate (right click My Computer, left click Explore) to the following files:

C:\Users\Jon\AppData\Local\Temp\Runner.exe
C:\Users\Jon\AppData\Local\Temp\DNS.exe

If they exist, then just zip a copy of each, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files - jonboy123" as the email Subject.

------------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
  #6  
Old August 23rd, 2014, 10:16 AM
jonboy123 jonboy123 is offline
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295
Hi Tom.

Couldn't find either of these files to send to you. Are you able to advise on what the correct DNS settings should be? (I changed them a while ago to just make web browsing more secure for my daughter, but not sure if I did it correctly.) If Avast is the culprit, would you advise changing to another antivirus program? I installed Avast originally because of its low resource usage and good reviews on CNet, but that was a while ago.

Here is the GMER log

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-23 10:06:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00UU3A0 rev.01.03B01 465.76GB
Running: r9d45imn.exe; Driver: C:\Users\Jon\AppData\Local\Temp\uwldypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fa4000 45 bytes [70, 11, 05, 00, 00, 00, 63, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002fa402e 24 bytes [1D, 00, E3, B2, 5D, C0, 13, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 000000014a2d0460
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 000000014a2d0450
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 000000014a2d0370
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 000000014a2d0470
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 000000014a2d03e0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 000000014a2d0320
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 000000014a2d03b0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 000000014a2d0390
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 000000014a2d02e0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 000000014a2d02d0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 000000014a2d0310
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 000000014a2d03c0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 000000014a2d03f0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 000000014a2d0230
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 000000014a2d0480
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 000000014a2d03a0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 000000014a2d02f0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 000000014a2d0350
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 000000014a2d0290
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 000000014a2d02b0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 000000014a2d03d0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 000000014a2d0330
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 000000014a2d0410
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 000000014a2d0240
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 000000014a2d01e0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 000000014a2d0250
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 000000014a2d0490
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775621a0 5 bytes JMP 000000014a2d04a0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 000000014a2d0300
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 000000014a2d0360
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 000000014a2d02a0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 000000014a2d02c0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 000000014a2d0380
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 000000014a2d0340
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 000000014a2d0440
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 000000014a2d0260
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 000000014a2d0270
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 000000014a2d0400
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775629a0 5 bytes JMP 000000014a2d01f0
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775629b0 5 bytes JMP 000000014a2d0210
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 000000014a2d0200
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 000000014a2d0420
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 000000014a2d0430
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 000000014a2d0220
.text C:\Windows\system32\csrss.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 000000014a2d0280
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\system32\services.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Windows\system32\services.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007744ef8d 1 byte [62]
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread
  #7  
Old August 23rd, 2014, 10:17 AM
jonboy123 jonboy123 is offline
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\system32\lsass.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Windows\system32\winlogon.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007744ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry
  #8  
Old August 23rd, 2014, 10:19 AM
jonboy123 jonboy123 is offline
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\system32\svchost.exe[756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 00000000775621a0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 00000000775629a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 00000000775629b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 0000000100070280
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[908] C:\Windows\SysWOW64\ntdll.dll!KiUserApcDispatcher 0000000077700028 5 bytes JMP 0000000100eb4100
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[908] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 00000000759b2c9e 4 bytes CALL 71ab0000
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[908] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076464296 5 bytes JMP 0000000171a50022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[908] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076464889 5 bytes JMP 0000000171a10022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[908] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007646d1ea 5 bytes JMP 00000001719d0022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[908] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076477673 5 bytes JMP 0000000171ae0022
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d91465 2 bytes [D9, 75]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d914bb 2 bytes [D9, 75]
.text ... * 2
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\System32\svchost.exe[136] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess
Reply With Quote
  #9  
Old August 23rd, 2014, 10:19 AM
jonboy123
  #10  
Old August 23rd, 2014, 10:20 AM
jonboy123
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\System32\spoolsv.exe[1656] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1820] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\system32\svchost.exe[2208] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2384] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62]
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\atieclxx.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
Reply With Quote
  #11  
Old August 23rd, 2014, 10:21 AM
jonboy123 jonboy123 is offline
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007744ef8d 1 byte [62]
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\system32\taskhost.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000077561b30 5 bytes JMP 00000000776c03a0
Reply With Quote
  #12  
Old August 23rd, 2014, 10:22 AM
jonboy123 jonboy123 is offline
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295
  #13  
Old August 23rd, 2014, 10:22 AM
jonboy123 jonboy123 is offline
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d91465 2 bytes [D9, 75]
.text C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe[456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d914bb 2 bytes [D9, 75]
.text ... * 2
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rt 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePo rtEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceiv ePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJob Object 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultip leKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformati on 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerStat e 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Program Files\iPod\bin\iPodService.exe[5000] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe[1020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62]
.text C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe[1020] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075d91465 2 bytes [D9, 75]
.text C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe[1020] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075d914bb 2 bytes [D9, 75]
.text ... * 2
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\System32\svchost.exe[3740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077561360 5 bytes JMP 00000000776c0460
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775613b0 5 bytes JMP 00000000776c0450
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077561510 5 bytes JMP 00000000776c0370
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077561560 5 bytes JMP 00000000776c0470
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077561570 5 bytes JMP 00000000776c03e0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077561620 5 bytes JMP 00000000776c0320
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077561650 5 bytes JMP 00000000776c03b0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077561670 5 bytes JMP 00000000776c0390
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775616b0 5 bytes JMP 00000000776c02e0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077561730 5 bytes JMP 00000000776c02d0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077561750 5 bytes JMP 00000000776c0310
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077561790 5 bytes JMP 00000000776c03c0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775617e0 5 bytes JMP 00000000776c03f0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077561940 5 bytes JMP 00000000776c0230
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077561b00 5 bytes JMP 00000000776c0480
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077561b30 5 bytes JMP 00000000776c03a0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077561c10 5 bytes JMP 00000000776c02f0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077561c20 5 bytes JMP 00000000776c0350
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077561c80 5 bytes JMP 00000000776c0290
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077561d10 5 bytes JMP 00000000776c02b0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077561d30 5 bytes JMP 00000000776c03d0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077561d40 5 bytes JMP 00000000776c0330
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077561db0 5 bytes JMP 00000000776c0410
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077561de0 5 bytes JMP 00000000776c0240
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775620a0 5 bytes JMP 00000000776c01e0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077562160 5 bytes JMP 00000000776c0250
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077562190 5 bytes JMP 00000000776c0490
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775621a0 5 bytes JMP 00000000776c04a0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775621d0 5 bytes JMP 00000000776c0300
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775621e0 5 bytes JMP 00000000776c0360
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077562240 5 bytes JMP 00000000776c02a0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077562290 5 bytes JMP 00000000776c02c0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775622c0 5 bytes JMP 00000000776c0380
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775622d0 5 bytes JMP 00000000776c0340
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775625c0 5 bytes JMP 00000000776c0440
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775627c0 5 bytes JMP 00000000776c0260
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775627d0 5 bytes JMP 00000000776c0270
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775627e0 5 bytes JMP 00000000776c0400
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775629a0 5 bytes JMP 00000000776c01f0
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775629b0 5 bytes JMP 00000000776c0210
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077562a20 5 bytes JMP 00000000776c0200
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077562a80 5 bytes JMP 00000000776c0420
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077562a90 5 bytes JMP 00000000776c0430
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077562aa0 5 bytes JMP 00000000776c0220
.text C:\Windows\system32\wbem\wmiprvse.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077562b80 5 bytes JMP 00000000776c0280
.text C:\Users\Jon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5428] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62]
.text C:\Users\Jon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d91465 2 bytes [D9, 75]
.text C:\Users\Jon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d914bb 2 bytes [D9, 75]
.text ... * 2
.text C:\Users\Jon\Desktop\r9d45imn.exe[3792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000754ca2fd 1 byte [62]
---- Processes - GMER 2.1 ----

Library C:\Users\Jon\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe [1020](2014-08-15 18:46:08) 0000000003c10000
Library c:\users\jon\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjgbm7p.dll (*** suspicious ***) @ C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe [1020](2014-08-23 08:39:41) 0000000004060000
Library C:\Users\Jon\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe [1020](2013-08-23 19:01:44) 0000000064390000
Library C:\Users\Jon\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe [1020] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000067110000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00081bc01e1c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00081bc01e1c (not active ControlSet)

---- EOF - GMER 2.1 ----
  #14  
Old August 24th, 2014, 12:17 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Malware running from Dropbox. Must be some flaw in the software that allows that. FYI - PM me before posting such a large log like this last Gmer log.

See if you can uninstall Dropbox. Reboot after, and just update me if the uninstall went without a problem.

------------

But also download Malwarebytes Anti-Rootkit from here to your desktop, then click that and allow it to extract to your desktop.

Click Next, then click the Update button (you will need to have the Internet connected for this). Once it has updated, click Next, then click Scan.

When it finishes, click Exit. Then post the two logs it created, located in the same mbar folder on your desktop.

mbar-log-date-(xx-xx-xx).txt
system-log.txt
  #15  
Old August 24th, 2014, 10:21 PM
jonboy123 jonboy123 is offline
Senior Member
 
Join Date: Jan 2009
O/S: Windows 10 Pro
Location: Leicester, UK
Posts: 295
Windows 7 Ultimate PC sluggish

Hi Tom.

The Malwarebytes rootkit scan didn't find any malware.

Here are the logs.

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
Jon :: JON-PC [administrator]

24/08/2014 21:12:20
mbar-log-2014-08-24 (21-12-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 0
Time elapsed: 1 minute(s), 10 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17239

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 3487752192, free: 1527738368

Downloaded database version: v2014.08.24.06
Downloaded database version: v2014.08.21.01
=======================================
Initializing...
------------ Kernel report ------------
08/24/2014 21:12:03
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\RapportKE64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys
\??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\jakndis.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003843060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80028e5680
Lower Device Driver Name: \Driver\atapi\
Scan Interrupted
Scan Interrupted
Scan Interrupted
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003843060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003843b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003843060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80028f5520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80028e5680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Scan was aborted.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17239

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 3487752192, free: 1528131584

Downloaded database version: v2014.08.24.06
Downloaded database version: v2014.08.21.01
Initializing...
======================
------------ Kernel report ------------
08/24/2014 21:15:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\RapportKE64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys
\??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\jakndis.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003843060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80028e5680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003843060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003843b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003843060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80028f5520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80028e5680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C633D97F

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
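Added example, not part of the original post and not code from the Malwarebytes tool whose output appears above: a small Python parser that decodes a raw 512-byte MBR sector into the same fields the "Scanning MBR on drive 0" section of that log reports (boot signature, disk signature, the four primary partition entries with type, active flag, start LBA and sector count) and then checks the table for the inconsistencies a boot-sector modification would introduce: a missing 55AA signature, a bad status byte, more than one active entry, an entry that runs past the end of the disk, or entries that overlap. The sample sector is constructed inline from the values in the log (disk signature C633D97F, one active type-0x07 partition at LBA 63 spanning 976751937 sectors, a 500107862016-byte disk); it is not a dump of the poster's disk, and all function and constant names are my own.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446
ENTRY_FORMAT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count

DISK_SIZE_BYTES = 500107862016          # disk size reported in the log
DISK_SECTORS = DISK_SIZE_BYTES // SECTOR_SIZE   # 976773168

# Partition type bytes that commonly appear in a Windows MBR.
TYPE_NAMES = {
    0x00: "Empty",
    0x05: "Extended",
    0x07: "Primary (NTFS/exFAT/HPFS)",
    0x0B: "FAT32",
    0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)",
    0xEE: "GPT protective",
}


def parse_mbr(sector: bytes) -> dict:
    """Decode boot signature, disk signature and the four primary partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)}")
    disk_sig = struct.unpack_from("<I", sector, 440)[0]
    entries = []
    for index in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FORMAT, sector, PART_TABLE_OFFSET + 16 * index)
        entries.append({
            "index": index,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, f"Unknown (0x{ptype:02X})"),
            "lba": lba,
            "sectors": count,
        })
    return {
        "boot_signature": sector[510:512].hex().upper(),      # "55AA" on a valid sector
        "boot_signature_ok": sector[510:512] == b"\x55\xAA",
        "disk_signature": f"{disk_sig:08X}",
        "partitions": entries,
    }


def sanity_check(mbr: dict, disk_sectors: int) -> list:
    """Return a list of findings; an empty list means the partition table is internally consistent."""
    problems = []
    if not mbr["boot_signature_ok"]:
        problems.append(f"boot signature is {mbr['boot_signature']}, expected 55AA")
    if sum(1 for p in mbr["partitions"] if p["active"]) > 1:
        problems.append("more than one partition flagged active")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            problems.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["type"] == 0x00 and (p["lba"] or p["sectors"]):
            problems.append(f"partition {p['index']}: type Empty but non-zero extent")
    used = [p for p in mbr["partitions"] if p["type"] != 0x00]
    for p in used:
        if p["sectors"] == 0 or p["lba"] + p["sectors"] > disk_sectors:
            problems.append(f"partition {p['index']}: extent {p['lba']}+{p['sectors']} exceeds disk ({disk_sectors} sectors)")
    for a in used:
        for b in used:
            if a["index"] < b["index"] and a["lba"] < b["lba"] + b["sectors"] and b["lba"] < a["lba"] + a["sectors"]:
                problems.append(f"partitions {a['index']} and {b['index']} overlap")
    return problems


def with_entry(sector: bytes, index: int, status: int, ptype: int, lba: int, count: int) -> bytes:
    """Return a copy of the sector with partition entry `index` overwritten (used to build samples)."""
    out = bytearray(sector)
    struct.pack_into(ENTRY_FORMAT, out, PART_TABLE_OFFSET + 16 * index, status, ptype, lba, count)
    return bytes(out)


def sample_mbr() -> bytes:
    """Constructed sector carrying the values the log reports; not a dump of a real disk."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, 440, 0xC633D97F)  # disk signature
    sector[510:512] = b"\x55\xAA"                    # boot signature
    return with_entry(bytes(sector), 0, 0x80, 0x07, 63, 976751937)


def report(sector: bytes, disk_sectors: int = DISK_SECTORS) -> str:
    """Render the table in the same shape as the log, followed by the consistency result."""
    mbr = parse_mbr(sector)
    lines = [f"MBR Signature: {mbr['boot_signature']}", f"Disk Signature: {mbr['disk_signature']}"]
    for p in mbr["partitions"]:
        state = "ACTIVE" if p["active"] else "NOT ACTIVE"
        lines.append(f"Partition {p['index']} type is {p['type_name']} (0x{p['type']:X}), {state}, "
                     f"starts at LBA: {p['lba']} Numsec = {p['sectors']}")
    problems = sanity_check(mbr, disk_sectors)
    lines.append("Consistency: OK" if not problems else "Consistency problems: " + "; ".join(problems))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(sample_mbr()))
```

To run this against a live system instead of the constructed sample, read the first sector of the disk from an elevated prompt (on Windows `open(r"\\.\PhysicalDrive0", "rb").read(512)`, on Linux `/dev/sda`) and pass the disk's sector count; a table that parses cleanly still says nothing about the bootstrap code in bytes 0 to 439, which is where a bootkit actually lives, so compare that region against a known-good sector or a clean install as well.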