unresponsive Internet Explorer

Post by heyoka05 » June 3rd, 2013, 9:38 am

Internet Explorer does not load unless I run it in "In Private Browsing mode"

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by bigdog at 9:26:27 on 2013-06-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2276 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mc1610.mail.yahoo.com/mc/welc ... 1310425012
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Freecorder extension: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
dRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.co ... 4.24.0.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DS ... ller64.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{EF051494-A21D-45A4-B182-C41D1A6BB144} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{EF051494-A21D-45A4-B182-C41D1A6BB144}\44F65776C6163723 : DHCPNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{EF051494-A21D-45A4-B182-C41D1A6BB144}\662716E61313 : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Freecorder extension x64: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\xf2x1qqs.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\xf2x1qqs.default\extensions\addon@freecorder.com\plugins\npFreeCoder.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-16 22:42; addon@freecorder.com; C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\xf2x1qqs.default\extensions\addon@freecorder.com
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - f3692167-0855-4bad-96f3-522959543258
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-6 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-6-6 378432]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-6-6 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-6-6 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-30 46808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-13 13336]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-11 517632]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-13 2320920]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-5-13 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-13 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-8 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-8 317440]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2011-7-7 15896]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-7-7 327576]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-13 329832]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-7 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-01 03:32:27 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0207E05B-E2A0-4A34-B3C5-0A8BB2CB5F1C}\mpengine.dll
2013-05-29 22:15:48 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-15 02:06:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 02:06:53 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 02:06:52 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 02:06:41 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 02:06:40 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 02:06:39 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 02:06:39 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 02:06:33 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-04 21:28:34 -------- d-----w- C:\ProgramData\BlueStacksSetup
.
==================== Find3M ====================
.
2013-05-29 22:15:48 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-19 02:53:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-19 02:53:24 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 9:27:18.19 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/6/2011 1:38:57 AM
System Uptime: 6/3/2013 7:50:16 AM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 166A
Processor: Intel(R) Pentium(R) CPU P6300 @ 2.27GHz | CPU | 2266/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 356.276 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.932 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_166A103C&REV_05\4&1D668223&0&00E1
Manufacturer: Realtek
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_166A103C&REV_05\4&1D668223&0&00E1
Service: RTL8167
.
==== System Restore Points ===================
.
RP251: 4/30/2013 8:48:17 AM - Windows Update
RP252: 5/4/2013 5:57:49 PM - Removed BlueStacks Notification Center
RP253: 5/4/2013 5:59:48 PM - Removed Blio
RP254: 5/7/2013 11:46:00 AM - Windows Update
RP255: 5/14/2013 9:58:33 PM - Windows Update
RP256: 5/15/2013 1:28:43 AM - Windows Update
RP257: 5/22/2013 3:08:27 PM - Windows Update
RP258: 5/28/2013 10:09:42 PM - Windows Update
RP259: 5/29/2013 6:12:38 PM - Windows Update
RP260: 5/30/2013 10:30:40 AM - Windows Modules Installer
RP261: 5/30/2013 11:01:30 AM - Windows Modules Installer
RP262: 5/30/2013 11:10:06 AM - Windows Modules Installer
RP263: 5/30/2013 12:47:54 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader 9.5.5 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AP Tuner 3.08
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Blender
Bonjour
Bounce Symphony
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
Bryce 7.1
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
EPSON NX430 Series Printer Uninstall
EPSON PhotoQuicker3.0
EPSON Scan
EpsonNet Print
Escape Rosecliff Island
ESU for Microsoft Windows 7
EZdrummer
EZXCocktail
Farm Frenzy
FATE
ffdshow v1.2.4422 [2012-04-09]
File Type Assistant
Film Factory
Final Drive Nitro
Final Media Player 2011
Freecorder 5
Freecorder 7 Applications (7.0.0.48)
Freecorder extension
Freecorder extension for Firefox
Freecorder extension x64
Freecorder Toolbar
GTK2-Runtime
HDVidCodec
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HP Wireless Assistant
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTabla Desktop 3 Professional
iTunes
Java Auto Updater
Java(TM) 6 Update 14
Java(TM) 6 Update 22 (64-bit)
Java(TM) 6 Update 33
Jewel Quest Solitaire 2
KTabS Reader
LabelPrint
LightScribe System Software
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Mesh Runtime
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft_VC90_CRT_x86
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
OneTouch Version 3.0
Panopticum Engraver 1.0
PaperPort 7.0
Penguins!
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
QuickTime
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REAPER
Recovery Manager
RiyazStudio
RoxioNow Player
Scala
Security Update for CAPICOM (KB931906)
Sony ACID Music Studio 6.0b
Spectrum Analyzer pro Lab
Starry Night Backyard 4
StroboSoft
SwarPlug Demo
Synaptics TouchPad Driver
System Requirements Lab for Intel
VC80CRTRedist - 8.0.50727.6195
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
WinRAR 4.01 (64-bit)
Xiph.Org Open Codecs 0.85.17777
Yahoo! Detect
Yontoo 1.12.02
Zuma Deluxe
.
==== End Of File ===========================
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by deltalima » June 3rd, 2013, 5:02 pm

checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: unresponsive Internet Explorer

Post by deltalima » June 3rd, 2013, 5:11 pm

Hi heyoka05,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Windows 7 and Vista users
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files (Right click and choose "Run as administrator" in Vista/Win7).
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.


Please let me know if the computer is used for business in any way.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: unresponsive Internet Explorer

Post by heyoka05 » June 3rd, 2013, 10:39 pm

Thanks for your time and help ......here's the results

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.QPLBRO
----- EOF -----


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9
Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=
Windows Product ID: 00359-OEM-8992687-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {7F0923B8-5B72-4945-AA8A-7E3DB1FE1BD2}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7F0923B8-5B72-4945-AA8A-7E3DB1FE1BD2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3725795197-1872689522-2498876610</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion g7 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.33</Version><SMBIOSVersion major="2" minor="6"/><Date>20110830000000.000000+000</Date></BIOS><HWID>94223607018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800010-02-1033-7600.0000-1332011
Installation ID: 021410383402265480683085710061013454348950429430140874
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3Q6C9
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 6/3/2013 10:33:49 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:26:2013 01:08
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAABAAAAAgABAAEA6GFKj4aqWIIYSy4PGFkgs/QaXF0=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-MPC
FACP HPQOEM SLIC-MPC
HPET HPQOEM SLIC-MPC
BOOT HPQOEM SLIC-MPC
MCFG HPQOEM SLIC-MPC
ASF! HPQOEM SLIC-MPC
SLIC HPQOEM SLIC-MPC
ASPT HPQOEM SLIC-MPC
SSDT PmRef CpuPm
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by deltalima » June 4th, 2013, 3:50 am

Hi heyoka05,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file (Right click and choose "Run as administrator" in Vista/Win7). If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 9:55 am

Thanks again for your time and trouble... it's most appreciated.
I'm running into a little trouble with the GMER txt... your system is telling me that the file is too large to post... I ran the program just as requested... all boxes checked on the right... C drive instead of Quick scan... I assume ADS was to remain checked as well and 3rd party to remain unchecked, as when it's checked, Show All becomes checked... Am I doing something wrong?

Here are the OT texts



OTL logfile created on: 6/4/2013 11:26:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bigdog\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.94% Memory free
7.60 Gb Paging File | 5.61 Gb Available in Paging File | 73.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.04 Gb Total Space | 358.08 Gb Free Space | 79.57% Space Free | Partition Type: NTFS
Drive D: | 15.43 Gb Total Space | 1.93 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 84.63 Mb Free Space | 85.47% Space Free | Partition Type: FAT32

Computer Name: BIGDOG-HP | User Name: bigdog | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\bigdog\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe ()
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Freecorder extension\BackgroundHost.exe ()
MOD - C:\Program Files (x86)\Freecorder extension\ButtonSite.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572 ... com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1610.mail.yahoo.com/mc/welc ... 1310425012
IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: addon@freecorder.com:7.0.0.13


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/30 10:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/14 12:20:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/14 12:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigdog\AppData\Roaming\Mozilla\Extensions
[2013/05/30 11:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\xf2x1qqs.default\extensions
[2013/04/16 22:42:49 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\xf2x1qqs.default\extensions\addon@freecorder.com
[2013/05/30 11:07:54 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\xf2x1qqs.default\extensions\plugin@yontoo.com.xpi
[2012/09/14 12:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Freecorder extension x64) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll (Applian Technologies Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3725795197-1872689522-2498876610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 4.24.0.cab (SysInfo Class)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DS ... ller64.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF051494-A21D-45A4-B182-C41D1A6BB144}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/04 11:23:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bigdog\Desktop\OTL.exe
[2013/06/03 22:34:39 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/06/03 22:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/05/30 12:51:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/05/29 18:17:29 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/29 18:17:29 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/29 18:17:29 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/29 18:17:29 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/29 18:17:29 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/29 18:17:29 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/29 18:17:29 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/29 18:17:29 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/29 18:17:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/29 18:17:29 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/29 18:17:29 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/29 18:17:29 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/29 18:17:29 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/29 18:17:29 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/29 18:17:29 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/29 18:17:29 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/29 18:17:29 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/29 18:17:29 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/29 18:17:29 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/29 18:17:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/29 18:17:29 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/29 18:17:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/29 18:17:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/29 18:17:29 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/29 18:17:29 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/29 18:17:29 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/29 18:17:29 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/29 18:17:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/29 18:17:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/29 18:17:29 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/29 18:17:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/29 18:17:29 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/29 18:17:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/29 18:17:29 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/29 18:17:29 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/29 18:17:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/29 18:17:29 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/29 18:17:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/29 18:17:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/29 18:17:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/29 18:17:29 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/29 18:17:29 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/29 18:17:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/29 18:17:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/29 18:17:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/29 18:17:29 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/29 18:17:29 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/29 18:17:29 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/29 18:17:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/29 18:17:28 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/29 18:17:28 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/29 18:17:28 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/29 18:17:28 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/29 18:17:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/29 18:17:28 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/29 18:17:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/29 18:17:28 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/29 18:17:28 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/29 18:17:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/29 18:17:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/29 18:17:28 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/29 18:17:28 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/29 18:17:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/29 18:17:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/29 18:17:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/29 18:17:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/29 18:17:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/29 18:17:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/05/29 18:15:48 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/05/29 18:15:48 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/05/29 18:15:48 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/05/29 18:15:48 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/05/29 18:15:48 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/05/29 18:15:48 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/05/29 18:15:48 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/05/29 18:15:48 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/05/29 18:15:48 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/05/29 18:15:48 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/05/29 18:15:48 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/05/29 18:15:48 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/05/29 18:15:48 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/05/29 18:15:48 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/05/29 18:15:48 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/05/29 18:15:48 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/05/29 18:15:48 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/05/29 18:15:48 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/05/29 18:15:48 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/05/29 18:15:48 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/05/29 18:15:48 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/05/29 18:15:48 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/05/29 18:15:48 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/05/29 18:15:48 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/29 18:15:48 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/29 18:15:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/29 18:15:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/29 18:15:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/29 18:15:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/29 18:15:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/29 18:15:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/29 18:15:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/29 18:15:48 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/14 22:06:53 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/14 22:06:52 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/14 22:06:41 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/14 22:06:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/14 22:06:40 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/14 22:06:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/04 11:26:39 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/04 11:26:39 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/04 11:23:53 | 000,377,856 | ---- | M] () -- C:\Users\bigdog\Desktop\cumfnxfg.exe
[2013/06/04 11:23:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bigdog\Desktop\OTL.exe
[2013/06/04 11:18:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/04 11:18:37 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/03 22:22:23 | 000,714,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/03 22:22:23 | 000,615,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/03 22:22:23 | 000,103,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/30 12:41:12 | 000,001,441 | ---- | M] () -- C:\Users\bigdog\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/30 10:07:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/30 09:55:56 | 000,276,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/29 18:17:29 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/29 18:17:29 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/29 18:17:29 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/05/29 18:17:29 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/05/29 18:17:29 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/05/29 18:17:29 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/05/29 18:17:29 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/05/29 18:17:29 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/05/29 18:17:29 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/29 18:17:29 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/05/29 18:17:29 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/05/29 18:17:29 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/05/29 18:17:29 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/29 18:17:29 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/05/29 18:17:29 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/05/29 18:17:29 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/29 18:17:29 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/29 18:17:29 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/05/29 18:17:29 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/05/29 18:17:29 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/05/29 18:17:29 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/05/29 18:17:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/05/29 18:17:29 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/05/29 18:17:29 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/05/29 18:17:29 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/29 18:17:29 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/05/29 18:17:29 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/05/29 18:17:29 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/05/29 18:17:29 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/29 18:17:29 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/05/29 18:17:29 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/29 18:17:29 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/29 18:17:29 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/05/29 18:17:29 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/05/29 18:17:29 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/29 18:17:29 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/05/29 18:17:29 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/29 18:17:29 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/05/29 18:17:29 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/29 18:17:29 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/05/29 18:17:29 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/29 18:17:29 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/05/29 18:17:29 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/29 18:17:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/05/29 18:17:29 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/29 18:17:29 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/29 18:17:29 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/05/29 18:17:29 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/29 18:17:29 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/29 18:17:29 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/05/29 18:17:29 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/05/29 18:17:28 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/29 18:17:28 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/29 18:17:28 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/29 18:17:28 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/29 18:17:28 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/29 18:17:28 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/29 18:17:28 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/05/29 18:17:28 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/05/29 18:17:28 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/05/29 18:17:28 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/29 18:17:28 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/05/29 18:17:28 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/05/29 18:17:28 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/05/29 18:17:28 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/05/29 18:17:28 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/05/29 18:17:28 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/05/29 18:17:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/05/29 18:17:28 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/05/29 18:17:28 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/05/29 18:15:48 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/05/29 18:15:48 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/05/29 18:15:48 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/05/29 18:15:48 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/05/29 18:15:48 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/05/29 18:15:48 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/05/29 18:15:48 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/05/29 18:15:48 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/05/29 18:15:48 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/05/29 18:15:48 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/05/29 18:15:48 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/05/29 18:15:48 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/05/29 18:15:48 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/05/29 18:15:48 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/05/29 18:15:48 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/05/29 18:15:48 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/05/29 18:15:48 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/05/29 18:15:48 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/05/29 18:15:48 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/05/29 18:15:48 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/05/29 18:15:48 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/05/29 18:15:48 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/05/29 18:15:48 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/05/29 18:15:48 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/29 18:15:48 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/29 18:15:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/29 18:15:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/29 18:15:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/29 18:15:48 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/29 18:15:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/29 18:15:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/29 18:15:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/29 18:15:48 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/29 18:15:48 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/29 18:08:19 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbigdog.job
[2013/05/11 16:44:00 | 000,595,195 | ---- | M] () -- C:\Users\bigdog\Desktop\105208081_LIC_05112013_154112_5368900.pdf
[2013/05/09 04:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 04:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 04:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/09 04:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 04:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/09 00:15:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBIGDOG-HP$.job
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/04 11:23:53 | 000,377,856 | ---- | C] () -- C:\Users\bigdog\Desktop\cumfnxfg.exe
[2013/05/30 12:41:12 | 000,001,441 | ---- | C] () -- C:\Users\bigdog\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/30 12:41:12 | 000,001,417 | ---- | C] () -- C:\Users\bigdog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/29 18:17:29 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/29 18:17:29 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/11 16:44:00 | 000,595,195 | ---- | C] () -- C:\Users\bigdog\Desktop\105208081_LIC_05112013_154112_5368900.pdf
[2013/02/18 22:17:59 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/11/03 18:23:51 | 000,109,400 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/05 11:24:34 | 000,207,727 | ---- | C] () -- C:\Windows\RiyazStudio Uninstaller.exe
[2012/07/18 01:04:21 | 000,018,363 | ---- | C] () -- C:\Users\bigdog\AppData\Roaming\UserTile.png
[2012/04/10 23:17:40 | 000,000,146 | ---- | C] () -- C:\Windows\StarryNight.ini
[2011/10/25 14:39:03 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/10/01 13:30:20 | 000,000,071 | ---- | C] () -- C:\Windows\ENX430.ini
[2011/07/10 10:07:08 | 000,007,609 | ---- | C] () -- C:\Users\bigdog\AppData\Local\Resmon.ResmonCfg
[2011/06/21 16:24:53 | 000,001,854 | ---- | C] () -- C:\Users\bigdog\AppData\Roaming\GhostObjGAFix.xml
[2011/06/20 19:06:59 | 000,000,023 | ---- | C] () -- C:\Windows\EPS820.ini
[2011/06/20 18:14:13 | 000,001,066 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/06/20 18:14:13 | 000,000,020 | ---- | C] () -- C:\Windows\calera.ini
[2011/06/20 18:14:05 | 000,269,312 | ---- | C] () -- C:\Windows\SysWow64\FPXIG.DLL
[2011/06/20 18:14:05 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\IGFPX32P.DLL
[2011/06/20 18:14:05 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\JPEGACC.DLL
[2011/06/20 18:13:45 | 000,101,376 | ---- | C] () -- C:\Windows\SysWow64\WELSOF32.DLL
[2011/06/10 18:56:51 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
heyoka05

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 9:56 am

OTL Extra txt

OTL Extras logfile created on: 6/4/2013 11:26:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bigdog\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 55.94% Memory free
7.60 Gb Paging File | 5.61 Gb Available in Paging File | 73.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.04 Gb Total Space | 358.08 Gb Free Space | 79.57% Space Free | Partition Type: NTFS
Drive D: | 15.43 Gb Total Space | 1.93 Gb Free Space | 12.52% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 84.63 Mb Free Space | 85.47% Space Free | Partition Type: FAT32

Computer Name: BIGDOG-HP | User Name: bigdog | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027F81FC-D5D2-4023-80FB-0DA9FAFE93BC}" = lport=138 | protocol=17 | dir=in | app=system |
"{1602A73C-3942-4481-9BA4-789BFABA5221}" = lport=445 | protocol=6 | dir=in | app=system |
"{1D591ECB-1A17-472C-8CB2-B46567FD1B4D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{25B0942F-07F6-4C60-A5EC-CE1C2C0D5C37}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3673A377-86A9-492E-83B1-DF9A1ACE6883}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CEFB28E-6A13-4A5F-B8EB-2224386F8293}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{585F83A2-1B9B-4FB9-A008-7768AA8CABB0}" = lport=137 | protocol=17 | dir=in | app=system |
"{5AF2DF68-743D-43B3-87AE-6814D15DCA52}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5C9ACD4C-D406-4358-92F9-8330D20AA5A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F7FA871-59E1-4AEE-8D57-E6D03D4C8055}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AC46227-380C-4D85-A138-E35BE26485C1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{801B4F5D-A423-44BB-85FF-772A347808E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8E0099DB-C2F3-4555-9945-1A916D760132}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{996984A0-2014-47FF-8C7F-72CE6E734468}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C787DE6-8812-4957-B405-C2D65D3686A3}" = rport=139 | protocol=6 | dir=out | app=system |
"{A82F189D-D10D-44DD-82E1-9DCF9A9079AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{C4844EB7-36CA-4CD7-9CDC-2C1B24F71A66}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C86EBE37-B6DF-4FE5-9223-D6B476A23436}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DC944A18-2FE5-4302-AAA0-C99C93085236}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB528AC0-7C2E-461B-BBBD-3C8B43DB4A53}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB560A2D-B5A4-4DF6-B3B0-79BB2E1675D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF433709-A9F0-4587-A924-5FC74CB17284}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F62F0756-592C-40E0-852E-308DF23F352B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7DF72AE-1099-4CC9-A53B-09AF773CA771}" = rport=138 | protocol=17 | dir=out | app=system |
"{F811845C-B08A-48E1-B887-9E27B0B10953}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A18AF38-3C9E-44FA-A0B3-7FB716727827}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0B7FC170-50B3-4B03-85AB-F93A340B9AE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11E8DAB6-FBAA-475F-AB59-6689960A4B11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19D57B7E-388C-4E03-A896-2D156160C418}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1EF2290E-58E9-4AE3-A9AB-32D5EADF65AB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1EFEE3AE-EF82-4A94-A724-BC69A5458571}" = protocol=17 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{2F510B67-C133-4EB5-83D4-55AA7FCEFB52}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4379A189-1AB1-49ED-9D1C-5FBA38F75BC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4461C240-0484-4AEF-90BF-F3C4613A7FD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4AD267E8-310D-4636-B76E-0882B00D6C24}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{4E80C4B2-D421-4E04-B4AE-56803D3252A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52CE95C6-5DDA-4FDA-92AC-BD7EBB6A2486}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{58C48142-A5F1-4A51-8854-835F44F67CB4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B38264F-9B08-4258-9699-A8CCF173F2B3}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{61E406EB-5318-4E81-B144-128A6EB68621}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6883C5FB-7923-4155-81C3-0EBDA6161A3C}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{6B89F885-5CDA-49A0-9B04-2CF907C32436}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{6F237C73-1DF6-468E-BC2F-4E4D309486AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7345D283-559F-4605-AAA5-2DF245365E3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{740FB74D-9911-4A56-BBF4-C256B3E9D738}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{795628BB-B74F-410C-83DD-07AA8640725B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7C9C6D48-825D-423A-B138-34DA1695DB97}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{7CE76ECF-2388-40B3-97DF-AE8341688DC4}" = protocol=6 | dir=out | app=system |
"{7ED16008-3B3D-4E49-A7FD-F2E60F782924}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7F45E489-EEBA-4E82-9A82-2EBEA63E61EE}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{87E604A4-7EA5-402E-BF28-01438DE61001}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D962B64-24BE-4254-A26B-99D39A2FD00B}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{8E526251-143C-4534-89BC-4CAD045FA589}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{8F4B733F-122A-4A88-927E-4A0C54B18E1D}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{8FA92505-51EE-41C8-8EA9-CEB2E0A551FC}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{96B0D824-04F5-47B1-9DC8-F1CFA71E0461}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9FB0E4CB-CAFC-4354-ACBE-8D386E075A97}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A5BA6D00-66E7-48FE-A197-8EBC521A8B48}" = protocol=6 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{A8BC2F0C-67EA-4FA6-8D59-AE997A88D0ED}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{ACEB1052-1D8F-40ED-8637-73486A742CF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C73C08EC-39C4-4DA1-91CA-E19DCDD8B967}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D253FB48-1B20-47B4-A1D0-50EBE0841F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D3EF1D34-BAAF-4A37-BB2E-974D895F6E86}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6D334A1-795D-4D28-9E95-5BB4AB6A9FDB}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{DD0BB6D1-83CC-4CFF-AEDB-D7827BC946B1}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{EE9CC0DD-3C17-4044-A9FB-534517A077A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF0E482F-6208-42DD-A71A-963B4DFF0531}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{024044FE-7F39-4C51-AF43-704EF2C61780}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{55BCFEB4-BA0A-4738-BD25-77F8442B5E7D}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"TCP Query User{D29B15DB-1BA4-4E6A-8B9B-AECDC347D454}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{D3A098C6-38DB-4589-8588-75E22F1F62DC}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |
"TCP Query User{EE104935-0E78-46FF-AB88-556E8F88F68A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{763D1A06-A2E2-4AF0-A8B4-798DDBEAE964}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7A19486C-93C4-47F8-8C75-CE68234CE32B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B69F7E82-F7D8-4222-8FC1-40C078CC885E}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |
"UDP Query User{C7C3E8B5-02CF-4C14-88B4-2FC8E275E714}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{F36AFEA0-E8F5-412B-9191-0069B8F44B8D}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Blender" = Blender
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"EPSON NX430 Series" = EPSON NX430 Series Printer Uninstall
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"SynTPDeinstKey" = Synaptics TouchPad Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C107330-16DF-4D39-AA74-0E5448AED9E8}" = HP Documentation
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F363A3E-92D8-4C24-B84F-487DA22BEE3E}" = EPSON PhotoQuicker3.0
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{31EEA563-3544-4EA1-8773-BCBF83F9627A}" = HP Software Framework
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE75486-43C4-4E62-B184-E9CC6D653D3A}" = StroboSoft
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{BB1C717E-376C-4AA1-8940-81BFC38D9778}" = HP Quick Launch
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4A823CA-D124-456E-9A98-71544A928897}" = Sony ACID Music Studio 6.0b
"{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1ClickDownload" = HDVidCodec
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"AP Tuner 3.08" = AP Tuner 3.08
"avast" = avast! Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Bryce 7.1 7.1.0.109" = Bryce 7.1
"Bryce 7.1 7.1.0.74" = Bryce 7.1
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Film Factory" = Film Factory
"FinalMediaPlayer_is1" = Final Media Player 2011
"Freecorder 7 Applications" = Freecorder 7 Applications (7.0.0.48)
"Freecorder extension" = Freecorder extension
"Freecorder extension for Firefox" = Freecorder extension for Firefox
"Freecorder extension x64" = Freecorder extension x64
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder5.11" = Freecorder 5
"GTK2-Runtime" = GTK2-Runtime
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"iTabla Desktop 3 Professional" = iTabla Desktop 3 Professional
"KTabS Reader" = KTabS Reader
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OneTouch Version 3.0" = OneTouch Version 3.0
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Panopticum Engraver 1.0_is1" = Panopticum Engraver 1.0
"PaperPort 7.0" = PaperPort 7.0
"REAPER" = REAPER
"RiyazStudio" = RiyazStudio
"Scala" = Scala
"Spectrum Analyzer pro Lab" = Spectrum Analyzer pro Lab
"Starry Night Backyard 4" = Starry Night Backyard 4
"SwarPlug Demo" = SwarPlug Demo
"Trusted Software Assistant_is1" = File Type Assistant
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3725795197-1872689522-2498876610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2012 11:56:04 AM | Computer Name = bigdog-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 142c Start
Time: 01cd6ccecd952531 Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 8/26/2012 12:38:50 PM | Computer Name = bigdog-HP | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0x0000046b Fault offset: 0x000000000000cacd
Faulting
process id: 0x1344 Faulting application start time: 0x01cd837f42165728 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 836c2b01-ef9c-11e1-8384-cc52afa1f6af

Error - 8/27/2012 2:58:02 PM | Computer Name = bigdog-HP | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0x0000046b Fault offset: 0x000000000000cacd
Faulting
process id: 0x1394 Faulting application start time: 0x01cd844c4ecaf6b6 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 1fb9ab05-f079-11e1-90f3-cc52afa1f6af

Error - 9/1/2012 9:39:41 PM | Computer Name = bigdog-HP | Source = Application Hang | ID = 1002
Description = The program FCAudio.exe version 1.5.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: d9c Start Time:
01cd88ab9bfb42ad Termination Time: 0 Application Path: C:\Program Files (x86)\Freecorder\FCAudio.exe

Report
Id: 0dcbf061-f49f-11e1-8d96-cc52afa1f6af

Error - 9/1/2012 9:54:03 PM | Computer Name = bigdog-HP | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0x0000046b Fault offset: 0x000000000000cacd
Faulting
process id: 0x1290 Faulting application start time: 0x01cd883ffa361255 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 119c9b1a-f4a1-11e1-8d96-cc52afa1f6af

Error - 9/5/2012 11:02:40 PM | Computer Name = bigdog-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: AcroRd32.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4f71ac4e Exception code: 0xc0000005 Fault offset: 0x61cee281 Faulting
process id: 0x1c24 Faulting application start time: 0x01cd8bb04ee41e1e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
AcroRd32.dll Report Id: 518809fe-f7cf-11e1-8c59-cc52afa1f6af

Error - 9/5/2012 11:02:47 PM | Computer Name = bigdog-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: AcroRd32.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4f71ac4e Exception code: 0xc000041d Fault offset: 0x61cee281 Faulting
process id: 0x1c24 Faulting application start time: 0x01cd8bb04ee41e1e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
AcroRd32.dll Report Id: 55a42a37-f7cf-11e1-8c59-cc52afa1f6af

Error - 9/5/2012 11:03:28 PM | Computer Name = bigdog-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWA_Service.exe, version: 1.0.10.0, time
stamp: 0x4c349890 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0xc0020001 Fault offset: 0x000000000000cacd
Faulting
process id: 0x15d8 Faulting application start time: 0x01cd8a9159a11fe5 Faulting application
path: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe Faulting
module path: C:\Windows\system32\KERNELBASE.dll Report Id: 6e00bf85-f7cf-11e1-8c59-cc52afa1f6af

Error - 9/18/2012 5:49:05 AM | Computer Name = bigdog-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 2.3.1.0, time stamp:
0x4df6ef63 Faulting module name: HPWMISVC.exe, version: 2.3.1.0, time stamp: 0x4df6ef63
Exception
code: 0xc0000005 Fault offset: 0x000016d1 Faulting process id: 0x62c Faulting application
start time: 0x01cd95825366b906 Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Faulting module path: C:\Program Files (x86)\Hewlett-Packard\HP
Quick Launch\HPWMISVC.exe Report Id: 152d41bb-0176-11e2-82c0-cc52afa1f6af

Error - 9/25/2012 9:56:07 PM | Computer Name = bigdog-HP | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514,
time stamp: 0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0x0000046b Fault offset: 0x000000000000cacd
Faulting
process id: 0x1394 Faulting application start time: 0x01cd9b7e3e9c6317 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 556fc840-077d-11e2-bbf0-cc52afa1f6af

[ Hewlett-Packard Events ]
Error - 6/9/2011 6:02:39 PM | Computer Name = bigdog-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061109060236.xml
File not created by asset agent

Error - 6/21/2011 4:24:53 PM | Computer Name = bigdog-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061121042450.xml
File not created by asset agent

Error - 6/21/2011 4:49:50 PM | Computer Name = bigdog-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HP.ActiveSupportLibrary

at HP.ActiveSupportLibrary.Issues.HPSFSession.?()

Error - 7/7/2011 1:40:55 PM | Computer Name = bigdog-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071107014053.xml
File not created by asset agent

Error - 7/12/2011 4:29:21 PM | Computer Name = bigdog-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071112042912.xml
File not created by asset agent

Error - 8/2/2011 12:41:33 PM | Computer Name = bigdog-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081102124130.xml
File not created by asset agent

Error - 8/16/2011 2:14:30 PM | Computer Name = bigdog-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081116021428.xml
File not created by asset agent

Error - 9/20/2011 12:17:52 PM | Computer Name = bigdog-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091120121749.xml
File not created by asset agent

Error - 10/27/2011 6:37:52 AM | Computer Name = bigdog-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 50 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

[ HP Wireless Assistant Events ]
Error - 6/6/2011 9:39:24 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/6/2011 9:39:32 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/6/2011 9:40:40 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/6/2011 9:40:48 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/6/2011 9:41:56 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/6/2011 9:42:03 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/6/2011 9:43:11 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/6/2011 9:43:19 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/13/2011 6:41:14 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 6/13/2011 6:41:14 AM | Computer Name = bigdog-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 5/24/2013 1:26:39 PM | Computer Name = bigdog-HP | Source = DCOM | ID = 10016
Description =

Error - 5/24/2013 10:26:55 PM | Computer Name = bigdog-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:36:50 PM on ?5/?24/?2013 was unexpected.

Error - 5/25/2013 6:03:22 AM | Computer Name = bigdog-HP | Source = DCOM | ID = 10010
Description =

Error - 5/25/2013 4:35:37 PM | Computer Name = bigdog-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \...\DR1.

Error - 5/29/2013 6:08:13 PM | Computer Name = bigdog-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:30:41 AM on ?5/?29/?2013 was unexpected.

Error - 5/30/2013 5:32:01 PM | Computer Name = bigdog-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = The system was hibernated due to a critical thermal event. Hibernate
Time = 2013-05-30T21:32:01.919527300Z ACPI Thermal Zone = ACPI\ThermalZone\TZ01

_HOT = 363K

Error - 5/30/2013 5:32:01 PM | Computer Name = bigdog-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = The system was hibernated due to a critical thermal event. Hibernate
Time = 2013-05-30T21:32:01.949527300Z ACPI Thermal Zone = ACPI\ThermalZone\TZ01

_HOT = 363K

Error - 5/30/2013 5:32:06 PM | Computer Name = bigdog-HP | Source = Microsoft-Windows-Kernel-Power | ID = 88
Description = The system was hibernated due to a critical thermal event. Hibernate
Time = 2013-05-30T21:32:06.938717800Z ACPI Thermal Zone = ACPI\ThermalZone\TZ01

_HOT = 363K

Error - 6/2/2013 6:46:57 AM | Computer Name = bigdog-HP | Source = DCOM | ID = 10010
Description =

Error - 6/3/2013 10:20:25 PM | Computer Name = bigdog-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \...\DR4.


< End of report >
heyoka05
Regular Member
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by deltalima » June 6th, 2013, 10:40 am

Please split the GMER log file and post in multiple posts.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 1:03 pm

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-05 20:35:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0005 465.76GB
Running: cumfnxfg.exe; Driver: C:\Users\bigdog\AppData\Local\Temp\uwdcypob.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 000000014a420470
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 000000014a420460
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 000000014a420370
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 000000014a420480
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 000000014a4203e0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 000000014a420320
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 000000014a4203b0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 000000014a420390
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 000000014a4202e0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 000000014a420440
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 000000014a4202d0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 000000014a420310
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 000000014a4203c0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 000000014a4203f0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 000000014a420230
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0xffffffffd33ee890}
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 000000014a420490
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 000000014a4203a0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 000000014a4202f0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 000000014a420350
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 000000014a420290
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 000000014a4202b0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 000000014a4203d0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 000000014a420330
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0xffffffffd33ee590}
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 000000014a420410
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 000000014a420240
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 000000014a4201e0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 000000014a420250
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0xffffffffd33ee090}
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 000000014a4204a0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 000000014a4204b0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 000000014a420300
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 000000014a420360
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 000000014a4202a0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 000000014a4202c0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 000000014a420380
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 000000014a420340
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 000000014a420450
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 000000014a420260
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 000000014a420270
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 000000014a420400
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 000000014a4201f0
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 000000014a420210
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 000000014a420200
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 000000014a420420
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 000000014a420430
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 000000014a420220
.text C:\Windows\system32\csrss.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 000000014a420280
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000000771903e0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\system32\wininit.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 1:10 pm

.text C:\Windows\system32\winlogon.exe[792] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0xffffffff8903e890}
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0xffffffff8903e590}
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0xffffffff8903e090}
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000000771903e0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 0000000077190400
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000000771903e0
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\System32\svchost.exe[484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 1:11 pm

.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 0000000077190400
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\system32\svchost.exe[560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\system32\svchost.exe[560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000000771903e0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 0000000077190400
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\system32\svchost.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\system32\svchost.exe[412] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Program Files\IDT\WDM\STacSV64.exe[428] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000100070460
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000100070370
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000100070320
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000001000703b0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000100070390
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000001000702e0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000100070440
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000001000702d0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000100070310
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000001000703c0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000100070230
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0xffffffff8903e890}
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000100070490
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000001000703a0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000001000702f0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000100070350
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000100070290
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000001000702b0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0xffffffff8903e590}
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000100070410
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0xffffffff8903e090}
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000001000704a0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000001000704b0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000100070380
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000100070450
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000100070430
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[1260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000000771903e0
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\system32\WLANExt.exe[1356] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 1:12 pm

.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 0000000077190400
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\system32\svchost.exe[1584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe[1708] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1868] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Bonjour\mDNSResponder.exe[1924] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000000771903e0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 0000000077190400
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1976] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000000771903e0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 0000000077190400
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0

Re: unresponsive Internet Explorer

Post by heyoka05 » June 6th, 2013, 1:13 pm

.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 00000000771903e0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 0000000077190400
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
heyoka05

Re: unresponsive Internet Explorer

by heyoka05 » June 6th, 2013, 1:13 pm

.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001002119f4
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Windows\system32\taskhost.exe[2572] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 5 bytes JMP 000000010016075c
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001001603a4
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 0000000100160b14
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 0000000100160ecc
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 000000010016163c
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077031810 5 bytes JMP 0000000100161284
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001001619f4
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Windows\system32\Dwm.exe[2648] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077003ae0 5 bytes JMP 000000010039075c
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077007a90 5 bytes JMP 00000001003903a4
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000770313c0 5 bytes JMP 0000000077190470
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077031410 5 bytes JMP 0000000077190460
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077031490 5 bytes JMP 0000000100390b14
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000770314f0 5 bytes JMP 0000000100390ecc
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077031570 5 bytes JMP 0000000077190370
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000770315c0 5 bytes JMP 0000000077190480
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000770315d0 5 bytes JMP 000000010039163c
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077031680 5 bytes JMP 0000000077190320
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000770316b0 5 bytes JMP 00000000771903b0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000770316d0 5 bytes JMP 0000000077190390
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077031710 5 bytes JMP 00000000771902e0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077031760 5 bytes JMP 0000000077190440
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077031790 5 bytes JMP 00000000771902d0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000770317b0 5 bytes JMP 0000000077190310
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000770317f0 5 bytes JMP 00000000771903c0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077031810 5 bytes JMP 0000000100391284
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077031840 5 bytes JMP 00000000771903f0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000770319a0 1 byte JMP 0000000077190230
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry + 2 00000000770319a2 3 bytes {JMP 0x15e890}
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077031b60 5 bytes JMP 0000000077190490
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077031b90 5 bytes JMP 00000000771903a0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077031c70 5 bytes JMP 00000000771902f0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077031c80 5 bytes JMP 0000000077190350
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077031ce0 5 bytes JMP 0000000077190290
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077031d70 5 bytes JMP 00000000771902b0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001003919f4
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Windows\Explorer.EXE[2708] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Windows\Explorer.EXE[2708] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\Motive\McciCMService.exe[2756] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am

Re: unresponsive Internet Explorer

by heyoka05 » June 6th, 2013, 1:18 pm

.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077031d90 5 bytes JMP 00000000771903d0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077031da0 1 byte JMP 0000000077190330
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer + 2 0000000077031da2 3 bytes {JMP 0x15e590}
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077031e10 5 bytes JMP 0000000077190410
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077031e40 5 bytes JMP 0000000077190240
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077032100 5 bytes JMP 00000000771901e0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000770321c0 1 byte JMP 0000000077190250
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry + 2 00000000770321c2 3 bytes {JMP 0x15e090}
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000770321f0 5 bytes JMP 00000000771904a0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077032200 5 bytes JMP 00000000771904b0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077032230 5 bytes JMP 0000000077190300
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077032240 5 bytes JMP 0000000077190360
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000770322a0 5 bytes JMP 00000000771902a0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000770322f0 5 bytes JMP 00000000771902c0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077032320 5 bytes JMP 0000000077190380
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077032330 5 bytes JMP 0000000077190340
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077032620 5 bytes JMP 0000000077190450
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077032820 5 bytes JMP 0000000077190260
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077032830 5 bytes JMP 0000000077190270
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077032840 5 bytes JMP 00000001004419f4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077032a00 5 bytes JMP 00000000771901f0
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077032a10 5 bytes JMP 0000000077190210
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077032a80 5 bytes JMP 0000000077190200
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077032ae0 5 bytes JMP 0000000077190420
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077032af0 5 bytes JMP 0000000077190430
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077032b00 5 bytes JMP 0000000077190220
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077032be0 5 bytes JMP 0000000077190280
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd1f6e00 5 bytes JMP 000007ff7d211dac
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd1f6f2c 5 bytes JMP 000007ff7d210ecc
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd1f7220 5 bytes JMP 000007ff7d211284
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd1f739c 5 bytes JMP 000007ff7d21163c
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd1f7538 5 bytes JMP 000007ff7d2119f4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd1f75e8 5 bytes JMP 000007ff7d2103a4
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd1f790c 5 bytes JMP 000007ff7d21075c
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2884] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd1f7ab4 5 bytes JMP 000007ff7d210b14
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075781465 2 bytes [78, 75]
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757814bb 2 bytes [78, 75]
.text ... * 2
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001001501f8
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001001503fc
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 0000000100150804
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 0000000100150600
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 0000000100150a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100161014
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100160804
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100160a08
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100160c0c
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100160e10
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001601f8
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001603fc
.text C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe[2964] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100160600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000771dfaa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000771dfb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000771dfc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771e0018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771e1900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077201217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ea30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000076ce5181 5 bytes JMP 0000000100191014
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000076ce5254 5 bytes JMP 0000000100190804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000076ce53d5 5 bytes JMP 0000000100190a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000076ce54c2 5 bytes JMP 0000000100190c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000076ce55e2 5 bytes JMP 0000000100190e10
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000076ce567c 5 bytes JMP 00000001001901f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000076ce589f 5 bytes JMP 00000001001903fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000076ce5a22 5 bytes JMP 0000000100190600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000766eee09 5 bytes JMP 00000001001a01f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000766f3982 5 bytes JMP 00000001001a03fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000766f7603 5 bytes JMP 00000001001a0804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000766f835c 5 bytes JMP 00000001001a0600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2800] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007670f52b 5 bytes JMP 00000001001a0a08
.text C:\Windows\system32\svchost.exe[2516] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076f1eecd 1 byte [62]
heyoka05
Regular Member
 
Posts: 72
Joined: July 11th, 2007, 11:48 am