Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Memory

Post by nimble1111x » January 30th, 2011, 3:49 pm

My computer keeps on losing memory. After I deleted files I have not used and know not to be important (music, pictures, stuff like that), my computer memory was 8.25GB free; within the hour (without downloading/installing anything) it has been reduced to 7.85GB free. I installed 'Hijack This' and it gave me this report.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:37:29, on 30/01/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\ANGELA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\dfrgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Angelakis\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101207204310.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Advertising Cookie Opt-out - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MediaBarFileManager] C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9855f110434bc) (gupdate1c9855f110434bc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 14399 bytes
nimble1111x
Active Member
 
Posts: 13
Joined: January 30th, 2011, 3:39 pm

Re: Memory

Post by deltalima » February 2nd, 2011, 3:43 pm

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Memory

Post by deltalima » February 2nd, 2011, 3:57 pm

Hi nimble1111x,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Uninstall List
  • Open HijackThis.
  • Click on Open the Misc tools section.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Memory

Post by nimble1111x » February 3rd, 2011, 12:47 am

Thank you :) here is what I copied and pasted:

32 Bit HP CIO Components Installer
Acer Arcade Deluxe
Acer Crystal Eye Webcam 2.0.8
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Agatha Christie Death on the Nile
Agere Systems HDA Modem
Alice Greenfingers
AudibleManager
Azada
Backspin Billiards
Big Kahuna Reef
BitComet 1.10
Bookworm Deluxe
Bricks of Egypt
BT NetProtect Plus
Cake Mania
CCleaner
Chicken Invaders 3
Chuzzle
Creative Removable Disk Manager
Creative System Information
Creative ZEN
Diner Dash Flo on the Go
eSobi v2
Flip Words 2
GearDrvs
Google Advertising Cookie Opt-out
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
Intel(R) Graphics Media Accelerator Driver
Jewel Quest Solitaire
Junk Mail filter update
Kick N Rush
K-Lite Codec Pack 5.4.0 (Basic)
Launch Manager
Mahjong Escape Ancient China
Mahjongg Artifacts
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5
NTI Media Maker 8
OD2 Music Manager
Orion
PhotoNow!
PowerDirector
Rapport
Rapport
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Synaptics Pointing Device Driver
The Battle for Middle-earth (tm) II
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2483110)
Vodafone PC Assistant V1.9.9
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Yahoo! Toolbar
ZENcast Organizer
Zuma Deluxe
nimble1111x
Active Member
 
Posts: 13
Joined: January 30th, 2011, 3:39 pm

Re: Memory

Post by deltalima » February 3rd, 2011, 5:12 am

Hi nimble1111x,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitComet 1.10


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl. Then click Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator, then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Memory

Post by nimble1111x » February 5th, 2011, 10:18 am

Thanks again, BitComet removed

CKScanner:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\angelakis\favorites\links\cracked.url
scanner sequence 3.AP.11
----- EOF -----

MGADiag.exe:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-Q9CM8-KTDKK-8QXTR
Windows Product Key Hash: OI3PQUp2nK/Ysh5U6MY15ORIfio=
Windows Product ID: 89572-OEM-7332166-00029
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.002
ID: {5457ED0E-B04A-447D-A95A-E6A897FFA812}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.100608-0458
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5457ED0E-B04A-447D-A95A-E6A897FFA812}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-8QXTR</PKey><PID>89572-OEM-7332166-00029</PID><PIDType>2</PIDType><SID>S-1-5-21-2890151161-2566409302-1277598994</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Aspire 5735 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>V1.07 </Version><SMBIOSVersion major="2" minor="5"/><Date>20080827000000.000000+000</Date></BIOS><HWID>AE333507018400FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>5D65FE14D58F586</Val><Hash>BAoDbPc0n8rFHidSDI0n88MWyd0=</Hash><Pid>89388-707-0270147-65625</Pid><PidType>14</PidType></Product><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>8291459EE5CA72A</Val><Hash>2PKPz86ap5LBGHoXpLK7EPU3CGA=</Hash><Pid>81602-917-0632145-68084</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomeBasic edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: 199086aa-6cb8-4e5b-b698-f2be56f1e8ee
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89572-00146-321-600029-02-1033-6001.0000-3282008
Installation ID: 166501594984333246130343543382171002293232246772501342
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: 8QXTR
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEAeqi8k6pVcoV6fzgkotaq6fL0RKpiApDlrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC ACRSYS ACRPRDCT
SSDT BrtRef DD01BRT
SSDT BrtRef DD01BRT


This laptop is for home use
nimble1111x
Active Member
 
Posts: 13
Joined: January 30th, 2011, 3:39 pm

Re: Memory

Unread postby deltalima » February 5th, 2011, 10:32 am

Hi nimble1111x,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Memory

Unread postby nimble1111x » February 6th, 2011, 5:53 pm

Thanks, I cannot post all of them at once as it goes over the maximum number of characters allowed, so I have posted them in stages.


OTL:

OTL logfile created on: 05/02/2011 16:00:11 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Angelakis\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 6.41 Gb Free Space | 9.20% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 69.19 Gb Free Space | 99.36% Space Free | Partition Type: NTFS

Computer Name: ANGELAKIS-PC | User Name: Angelakis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/05 15:59:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Angelakis\Downloads\OTL.exe
PRC - [2010/11/12 14:17:32 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/11/12 14:17:32 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/10/03 22:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/09/04 13:09:24 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/08/25 19:45:38 | 000,179,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2010/08/04 14:30:44 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/08/04 11:24:42 | 001,180,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/07/18 03:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/11/23 14:56:14 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Angelakis\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008/11/23 14:55:59 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/10 22:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/06/13 21:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 17:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/15 00:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/05/15 00:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/04/18 22:18:02 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/04/10 23:30:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/04/10 23:30:14 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/04/07 05:42:36 | 000,034,040 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/07 05:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 10:03:14 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/21 20:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/03 20:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/17 01:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/06 23:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/25 12:51:48 | 000,380,928 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007/10/23 17:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/06/25 11:55:12 | 000,030,024 | ---- | M] () -- C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe


========== Modules (SafeList) ==========

MOD - [2011/02/05 15:59:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Angelakis\Downloads\OTL.exe
MOD - [2010/10/03 22:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/12 14:17:32 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/11/12 14:17:32 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/03 22:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/09/04 13:09:24 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/04 14:30:44 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/05/20 16:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 10:16:56 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/12/14 20:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/05/15 00:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/04/07 05:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/04 10:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/21 20:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/03 20:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 01:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/06 23:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2010/11/12 14:17:32 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/11/12 14:17:32 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/11/12 14:17:32 | 000,164,840 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/11/12 14:17:32 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/11/12 14:17:32 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/11/12 14:17:32 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/11/12 14:17:32 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/11/12 14:17:32 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/11/12 14:17:32 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/03 22:54:04 | 000,034,792 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys -- (RapportCerberus_19917)
DRV - [2010/10/03 22:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 22:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/08/25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/05/15 17:35:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/12 20:33:38 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/06/14 01:10:08 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/15 00:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/05/15 00:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/05/15 00:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/04/28 14:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/04/25 18:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/18 22:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/03/21 17:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/21 09:55:00 | 000,299,008 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/01/31 01:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/31 01:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 02:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:32:49 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/01/21 02:32:48 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/21 02:32:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/21 02:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 02:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 02:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/17 01:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/09/11 03:38:58 | 000,101,504 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hmvmdm.sys -- (MobileAdapter)
DRV - [2006/11/03 05:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/16 09:43:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/11 17:33:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101207204310.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MediaBarFileManager] C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2890151161-2566409302-1277598994-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5077f537-da8f-11dd-b9ef-001d72cd0895}\Shell - "" = AutoRun
O33 - MountPoints2\{5077f537-da8f-11dd-b9ef-001d72cd0895}\Shell\AutoRun\command - "" = F:\VFPcAssistant.exe
O33 - MountPoints2\{769c5baa-d829-11dd-98f0-001d72cd0895}\Shell - "" = AutoRun
O33 - MountPoints2\{769c5baa-d829-11dd-98f0-001d72cd0895}\Shell\AutoRun\command - "" = F:\VFPcAssistant.exe
O33 - MountPoints2\{7b6e9dd6-37f8-11df-8f8c-001d72cd0895}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe
O33 - MountPoints2\{e4f9a853-0522-11e0-8196-001d72cd0895}\Shell - "" = AutoRun
O33 - MountPoints2\{e4f9a853-0522-11e0-8196-001d72cd0895}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fa1083ca-b3ee-11de-a505-001d72cd0895}\Shell - "" = AutoRun
O33 - MountPoints2\{fa1083ca-b3ee-11de-a505-001d72cd0895}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/05 15:58:58 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Angelakis\Desktop\MGADiag.exe
[2011/02/05 14:15:42 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/02/05 12:30:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/02/01 16:02:45 | 000,000,000 | ---D | C] -- C:\Users\Angelakis\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2011/02/01 16:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/02/01 15:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/01/30 23:28:52 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/01/29 19:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/29 19:00:40 | 003,006,368 | ---- | C] (Piriform Ltd) -- C:\Users\Angelakis\Documents\ccsetup303.exe
[2011/01/27 23:57:28 | 000,000,000 | ---D | C] -- C:\Users\Angelakis\AppData\Roaming\Template
[2011/01/12 16:48:39 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/12 16:48:25 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/01/09 17:28:33 | 000,000,000 | ---D | C] -- C:\Users\Angelakis\AppData\Roaming\Ygnu
[2011/01/09 17:28:33 | 000,000,000 | ---D | C] -- C:\Users\Angelakis\AppData\Roaming\Uctis
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008/09/23 21:22:43 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/02/05 15:58:23 | 000,000,539 | ---- | M] () -- C:\Users\Angelakis\Desktop\CKScanner.lnk
[2011/02/05 15:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/05 14:47:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/05 14:47:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/05 14:12:44 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Angelakis\Desktop\MGADiag.exe
[2011/02/05 14:01:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/05 12:53:34 | 000,617,480 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/05 12:53:34 | 000,112,560 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/05 12:48:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/02/05 12:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/04 00:16:05 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/02/03 13:19:23 | 000,005,972 | ---- | M] () -- C:\Users\Angelakis\AppData\Local\d3d9caps.dat
[2011/02/01 16:02:05 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
[2011/01/30 13:46:37 | 000,010,081 | ---- | M] () -- C:\Users\Angelakis\Documents\Books.docx
[2011/01/30 13:45:31 | 000,002,651 | ---- | M] () -- C:\Users\Angelakis\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word.lnk
[2011/01/29 19:11:19 | 000,132,268 | ---- | M] () -- C:\Users\Angelakis\Documents\cc_20110129_191046 REGISTRY BACK UP.reg
[2011/01/29 19:01:54 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/29 19:00:40 | 003,006,368 | ---- | M] (Piriform Ltd) -- C:\Users\Angelakis\Documents\ccsetup303.exe
[2011/01/29 18:29:05 | 000,002,619 | ---- | M] () -- C:\Users\Angelakis\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
[2011/01/27 23:57:23 | 000,000,000 | ---- | M] () -- C:\Users\Angelakis\AppData\Roaming\wklnhst.dat
[2011/01/25 09:53:28 | 000,011,441 | ---- | M] () -- C:\Users\Angelakis\Documents\Historians before the nineteenth century judged the past by their own standards.docx
[2011/01/22 17:22:55 | 000,000,585 | ---- | M] () -- C:\Users\Angelakis\Application Data\Microsoft\Internet Explorer\Quick Launch\History - Shortcut (2).lnk
[2011/01/15 12:30:01 | 000,002,627 | ---- | M] () -- C:\Users\Angelakis\Desktop\Microsoft Office Word.lnk

========== Files Created - No Company Name ==========

[2011/02/05 15:58:23 | 000,000,539 | ---- | C] () -- C:\Users\Angelakis\Desktop\CKScanner.lnk
[2011/02/01 16:02:05 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
[2011/01/30 13:46:34 | 000,010,081 | ---- | C] () -- C:\Users\Angelakis\Documents\Books.docx
[2011/01/29 19:11:07 | 000,132,268 | ---- | C] () -- C:\Users\Angelakis\Documents\cc_20110129_191046 REGISTRY BACK UP.reg
[2011/01/29 19:01:54 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/27 23:57:23 | 000,000,000 | ---- | C] () -- C:\Users\Angelakis\AppData\Roaming\wklnhst.dat
[2011/01/25 09:49:12 | 000,011,441 | ---- | C] () -- C:\Users\Angelakis\Documents\Historians before the nineteenth century judged the past by their own standards.docx
[2011/01/22 17:22:55 | 000,000,585 | ---- | C] () -- C:\Users\Angelakis\Application Data\Microsoft\Internet Explorer\Quick Launch\History - Shortcut (2).lnk
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/22 17:14:23 | 000,005,972 | ---- | C] () -- C:\Users\Angelakis\AppData\Local\d3d9caps.dat
[2010/05/15 17:35:30 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/04 11:52:24 | 000,007,286 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/11/09 21:02:12 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/18 19:08:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/11/23 22:07:38 | 000,065,024 | ---- | C] () -- C:\Users\Angelakis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/23 20:55:53 | 000,003,287 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/09/23 21:12:56 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/09/23 20:41:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/09/23 20:39:48 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/09/23 20:39:48 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/09/23 20:38:22 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/05/15 05:50:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/05/15 05:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/05/15 05:47:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/05/14 12:48:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/14 12:48:14 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008/05/14 12:48:14 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008/05/14 12:48:13 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/10/31 21:28:22 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MobOlExt.dll
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >
nimble1111x

Re: Memory

by nimble1111x » February 6th, 2011, 5:54 pm

Extra:

OTL Extras logfile created on: 05/02/2011 16:00:11 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Angelakis\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 6.41 Gb Free Space | 9.20% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 69.19 Gb Free Space | 99.36% Space Free | Partition Type: NTFS

Computer Name: ANGELAKIS-PC | User Name: Angelakis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BF1562-9A75-4D83-8787-B5B316CD0258}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2335F13A-9835-443D-9A25-804975BD345B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23B84018-0CF1-4455-82B5-8E9FED645664}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{28B744EE-4527-4E64-8E91-6D5792FD8DF0}" = rport=137 | protocol=17 | dir=out | app=system |
"{4727CBB9-EE42-4492-96AA-DFA6A2EB9A53}" = lport=445 | protocol=6 | dir=in | app=system |
"{57F67B03-4DBF-449A-A400-0A14F030BD03}" = lport=139 | protocol=6 | dir=in | app=system |
"{64936945-6792-42CB-80E5-D6A072078E6A}" = rport=445 | protocol=6 | dir=out | app=system |
"{6B188FA4-A882-4E45-A713-D5A43CAB9EFC}" = lport=137 | protocol=17 | dir=in | app=system |
"{6BF8CC47-2CE8-44D2-B0F9-3B8054BDC52D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{732A2CD8-E883-47AC-9006-2090D5F7A5BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8E7530F9-61F7-488C-8ECF-31895C37D0D3}" = rport=138 | protocol=17 | dir=out | app=system |
"{9DF0A021-6814-4ED9-A7F5-28FAC2AB825A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8D23AD2-22D5-44E5-9B48-6D0A11363290}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2FE5AD6-1F19-46ED-B56C-D17C984E29A6}" = lport=138 | protocol=17 | dir=in | app=system |
"{B909FCB9-95BF-4605-9737-14CF60AFDB0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EA986C41-71C7-4426-B22A-8418701B3D60}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F014313B-FB5A-418D-9FDB-CB2249723ADF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F36D7220-2A35-43EF-A0AA-5B3608745510}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8C9BD8F-FD39-4136-A27E-8A1DA4F61E08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9B8D13A-BA99-4BB8-8106-37314AD2D482}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21DF1090-CA4C-403E-AD58-8CD443BDD59F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{27480808-AC70-4095-8647-9F9FE9589456}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{284464BC-9494-4DD1-A3F8-3660E1D27497}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{2B96FE96-251A-4DAB-904E-9BFAF0F46EB3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{31F8F1EF-57BA-4421-8780-0E825F2B9FF0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{3A7F9047-A366-4D98-A00B-0787B6389C7B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{3E14A432-0D12-40F1-A325-D652791133CC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{3F75DCF0-0C79-4B97-9687-B4056F7F6364}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4646B8EA-A6EB-4653-B28B-41C31490C438}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4854E80C-B2A2-4625-82B9-340C1E03EC6B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{54E882B4-8AD7-4720-8B7D-711E3564A860}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{553C4B03-E4F0-460A-8149-856A7E9B5432}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{675F7B02-8334-498B-B7F6-92029C552C17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{757535EF-00C2-451C-9990-A93FA9BBF61B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{75C091DC-6ACE-4302-BF88-F11D1FFA0691}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{78C0F7ED-AD03-4524-AA58-B94ADDC54609}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{7F19CEA9-0A1D-41DB-B031-CEFF32BD5891}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{815AED98-5DB4-4BA1-B18E-306A46A9A7A2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{84374AF9-7377-4195-9AEC-C93C995FF91C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8B533F48-8C72-4A62-8CDE-5FFA8F8686E5}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{93B825E4-2AA4-437F-A070-6293E2219E4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{9645710B-E8F5-4949-A732-60BF8CEB34ED}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9757E8EB-4726-419A-840D-8142ABA407DC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9AAC521E-278C-470D-9755-3E2B45AEE29F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B39A49E9-AADB-4276-A93B-4A234B3D69D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{BA869634-A036-4C06-99D1-ABC1C33C7D34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{BBD7C80D-D556-453B-A45D-12D2CB415531}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{BD91FB17-2BA8-46FB-AFB6-8A65209023E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{BF14971B-1CE3-40B5-92B9-16EAC521A9D0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{C440B538-21A8-4860-9EA7-0FF7F6CC79F2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D3DBE892-263C-433D-BE9C-D9858A4C59B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{D552C59D-293D-462B-80F5-3A62F924FFD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DAB44904-2ABE-423A-AC76-35882E87E0F6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{E0526071-D192-4695-832D-F34636E68C28}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{E6AC2671-4019-4B89-8081-60ED84EE75E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{E7AA529D-CD1D-4996-B9C7-777657E56319}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{EECED27A-9BDB-4738-A58E-A94EDF4AAE7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F1E5F9B7-3586-4E2C-B894-DA734DA15CBE}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{61991915-5E2F-4C6F-ADB2-2F4B93B41FE6}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{AC23079F-E57E-4A1E-98AE-61DF83EE5B9A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{423AD804-CB1C-446C-9E16-8B014CA0613D}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{71F75881-0166-4E3E-8B6D-A5D707CB08D7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = OD2 Music Manager
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AudibleManager" = AudibleManager
"CCleaner" = CCleaner
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.0 (Basic)
"LManager" = Launch Manager
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = BT NetProtect Plus
"Rapport_msi" = Rapport
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"Vodafone PC Assistant_is1" = Vodafone PC Assistant V1.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"ZENcast Organizer" = ZENcast Organizer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/01/2011 08:28:36 | Computer Name = Angelakis-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/02/2011 09:13:01 | Computer Name = Angelakis-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/02/2011 12:01:19 | Computer Name = Angelakis-PC | Source = VSS | ID = 8194
Description =

Error - 01/02/2011 17:42:27 | Computer Name = Angelakis-PC | Source = Application Error | ID = 1000
Description = Faulting application game.dat, version 1.0.2194.40862, time stamp
0x43e44b4a, faulting module kernel32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0x04560123, fault offset 0x0003fbae, process id 0x13a8, application
start time 0x01cbc23cdd477b5c.

Error - 02/02/2011 07:11:51 | Computer Name = Angelakis-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/02/2011 09:19:42 | Computer Name = Angelakis-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/02/2011 09:01:45 | Computer Name = Angelakis-PC | Source = WinMgmt | ID = 10
Description =

Error - 05/02/2011 08:24:11 | Computer Name = Angelakis-PC | Source = WinMgmt | ID = 10
Description =

Error - 05/02/2011 08:48:06 | Computer Name = Angelakis-PC | Source = WinMgmt | ID = 10
Description =

Error - 05/02/2011 10:07:32 | Computer Name = Angelakis-PC | Source = Application Hang | ID = 1002
Description = The program CKScanner.exe version 1.8.1.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: af0 Start Time: 01cbc53dbbe5dd80 Termination Time: 1404

[ OSession Events ]
Error - 10/11/2009 13:28:32 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 470
seconds with 240 seconds of active time. This session ended with a crash.

Error - 16/02/2010 09:16:48 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2838
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 20/03/2010 15:09:26 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4183
seconds with 3420 seconds of active time. This session ended with a crash.

Error - 22/03/2010 07:13:05 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3676
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 13/04/2010 14:59:56 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4137
seconds with 60 seconds of active time. This session ended with a crash.

Error - 20/04/2010 16:12:54 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10570
seconds with 780 seconds of active time. This session ended with a crash.

Error - 21/04/2010 18:49:27 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1669
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26/10/2010 10:08:28 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23826
seconds with 300 seconds of active time. This session ended with a crash.

Error - 12/11/2010 21:39:01 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1340
seconds with 60 seconds of active time. This session ended with a crash.

Error - 06/12/2010 00:10:59 | Computer Name = Angelakis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45472
seconds with 3060 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 30/01/2011 17:45:54 | Computer Name = Angelakis-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 31/01/2011 08:28:37 | Computer Name = Angelakis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01/02/2011 09:12:54 | Computer Name = Angelakis-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.5. The computer with the IP address 192.168.0.6 did not
allow the name to be claimed by this computer.

Error - 01/02/2011 09:13:02 | Computer Name = Angelakis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/02/2011 07:11:52 | Computer Name = Angelakis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02/02/2011 15:47:11 | Computer Name = Angelakis-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 03/02/2011 09:19:43 | Computer Name = Angelakis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04/02/2011 09:01:46 | Computer Name = Angelakis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/02/2011 08:24:12 | Computer Name = Angelakis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/02/2011 08:48:06 | Computer Name = Angelakis-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
nimble1111x
Active Member
 
Posts: 13
Joined: January 30th, 2011, 3:39 pm

Re: Memory

Post by nimble1111x » February 6th, 2011, 6:00 pm

GMER is over the limit - I can post it in several parts, but I am not sure how to break it up to make it easier to read - should I just post as much as I can in each reply? (Sorry, really not computer savvy :/)

Re: Memory

Post by deltalima » February 6th, 2011, 6:02 pm

"should I just post as much as I can in each reply?"

Yes, that will be fine. Did you make sure Show All was NOT checked when you ran the GMER scan?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Memory

Post by nimble1111x » February 6th, 2011, 9:00 pm

Show all was definitely not checked

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-05 18:55:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C
Running: cbckdf0h.exe; Driver: C:\Users\ANGELA~1\AppData\Local\Temp\uwdiyuoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x916D1FE4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x916D2996]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys ZwCreateThread [0x916FD864]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x916D2AF6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x916D636C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x916D639E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x916D6500]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x916D2A5A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x916D2128]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x916D231A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x916D244C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x916D6476]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x916D63E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x916D6412]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x916D6444]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x916D1F8A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x916D2B56]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys ZwSetValueKey [0x916FD82E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x916D1F26]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x916D1E7A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x916D1EC2]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys ZwCreateThreadEx [0x916FD8DC]

INT 0x72 ? 8870CBF8
INT 0x72 ? 8870CBF8
INT 0x72 ? 8870CBF8
INT 0x72 ? 8870CBF8
INT 0x72 ? 8870CBF8
INT 0x82 ? 8870CBF8
INT 0x92 ? 86F1ABF8
INT 0x92 ? 86F1ABF8
INT 0x92 ? 86F1ABF8
INT 0x92 ? 86F1ABF8
INT 0x92 ? 86F1ABF8
INT 0xA2 ? 8870CBF8
INT 0xB2 ? 8870CBF8

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8472A0B8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8472A0CE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8472A0A4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 840439D2 5 Bytes JMP 8472A0A8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetEvent + 191 840C48F4 4 Bytes [E4, 1F, 6D, 91] {IN AL, 0x1f; INSD ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1D9 840C493C 4 Bytes [96, 29, 6D, 91] {XCHG ESI, EAX; SUB [EBP-0x6f], EBP}
.text ntkrnlpa.exe!KeSetEvent + 221 840C4984 4 Bytes [64, D8, 6F, 91] {FSUBR DWORD FS:[EDI-0x6f]}
.text ntkrnlpa.exe!KeSetEvent + 2D1 840C4A34 8 Bytes [F6, 2A, 6D, 91, 6C, 63, 6D, ...] {IMUL BYTE [EDX]; INSD ; XCHG ECX, EAX; INSB ; ARPL [EBP-0x6f], BP}
.text ntkrnlpa.exe!KeSetEvent + 2E1 840C4A44 4 Bytes [9E, 63, 6D, 91] {SAHF ; ARPL [EBP-0x6f], BP}
.text ...
PAGE ntkrnlpa.exe!NtMapViewOfSection 842284FA 7 Bytes JMP 8472A0BC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 842287BD 5 Bytes JMP 8472A0D2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\Drivers\spoa.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 851B441B 5 Bytes JMP 8870C1D8
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0xB033441C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0xB0335000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 0026000A
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 00260036
.text C:\Windows\system32\services.exe[776] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00260025
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 00250F72
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 002500C2
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 002500FF
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 002500EE
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00250082
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 00250011
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 00250036
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 002500A7
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00250F9E
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00250FC0
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00250FAF
.text C:\Windows\system32\services.exe[776] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00250047
.text C:\Windows\system32\services.exe[776] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00250F8D
.text C:\Windows\system32\services.exe[776] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 00250F4D
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00250FDB
.text C:\Windows\system32\services.exe[776] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00250000
.text C:\Windows\system32\services.exe[776] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 002500D3
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 00280040
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00280FB9
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 00280FEF
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00280FA8
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 0028005B
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 0028001B
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 0028000A
.text C:\Windows\system32\services.exe[776] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 00280FCA
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 008D0064
.text C:\Windows\system32\services.exe[776] msvcrt.dll!system 7775804B 5 Bytes JMP 008D0FD9
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 008D002E
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_open 7775D106 5 Bytes JMP 008D0000
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 008D0049
.text C:\Windows\system32\services.exe[776] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 008D001D
.text C:\Windows\system32\services.exe[776] WS2_32.dll!socket 761836D1 5 Bytes JMP 00270FE5
.text C:\Windows\system32\lsass.exe[816] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00880FE5
.text C:\Windows\system32\lsass.exe[816] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 0088001B
.text C:\Windows\system32\lsass.exe[816] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00880000
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 0018008B
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 0018007A
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 00180F0F
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 001800A6
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00180058
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 00180FD4
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 00180FC3
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00180069
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00180047
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00180F9E
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00180036
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00180025
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00180F59
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 00180EF4
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00180FE5
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00180000
.text C:\Windows\system32\lsass.exe[816] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 00180F20
.text C:\Windows\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 008A0FA8
.text C:\Windows\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 008A004A
.text C:\Windows\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 008A0000
.text C:\Windows\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 008A0FC3
.text C:\Windows\system32\lsass.exe[816] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 008A0065
.text C:\Windows\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 008A0025
.text C:\Windows\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 008A0FEF
.text C:\Windows\system32\lsass.exe[816] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 008A0FD4
.text C:\Windows\system32\lsass.exe[816] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 008B0FD9
.text C:\Windows\system32\lsass.exe[816] msvcrt.dll!system 7775804B 5 Bytes JMP 008B0064
.text C:\Windows\system32\lsass.exe[816] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 008B002E
.text C:\Windows\system32\lsass.exe[816] msvcrt.dll!_open 7775D106 5 Bytes JMP 008B0000
.text C:\Windows\system32\lsass.exe[816] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 008B0049
.text C:\Windows\system32\lsass.exe[816] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 008B001D
.text C:\Windows\system32\lsass.exe[816] WS2_32.dll!socket 761836D1 5 Bytes JMP 00890000
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 0019002C
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 0019001B
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 00180F66
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 00180F77
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 00180F3A
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 001800D1
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00180F99
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 00180FDB
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 0018002C
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00180F88
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00180073
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00180FC0
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00180062
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00180047
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 0018008E
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 00180F29
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00180011
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00180000
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 00180F4B
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 001C001B
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!system 7775804B 5 Bytes JMP 001C0F9A
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 001C0FAB
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_open 7775D106 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 001C0FD2
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 001B0F83
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 001B001B
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 001B0F94
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 001B0040
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 001B0FC0
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 001B0FDB
.text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 001B0FAF
.text C:\Windows\system32\svchost.exe[1000] WS2_32.dll!socket 761836D1 5 Bytes JMP 001A0FE5
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 000E0036
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 000E001B
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 000D00BD
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 000D0F77
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 000D0F3E
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 000D00DF
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 000D0FA3
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 000D0036
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 000D0051
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 000D00A2
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 000D0FCA
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 000D0FDB
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 000D0087
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 000D0062
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 000D0F88
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 000D0F23
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 000D001B
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 000D0000
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 000D00CE
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 001B0FA6
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!system 7775804B 5 Bytes JMP 001B0FB7
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 001B0027
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_open 7775D106 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 001B0FD2
.text C:\Windows\system32\svchost.exe[1064] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 001B000C
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 001A0FB6
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 001A004E
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 001A0000
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 001A0FD1
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 001A0069
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 001A0022
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 001A0011
.text C:\Windows\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 001A003D
.text C:\Windows\system32\svchost.exe[1064] WS2_32.dll!socket 761836D1 5 Bytes JMP 0010000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1200] ntdll.dll!KiUserApcDispatcher 77635D18 5 Bytes JMP 00414C10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1200] USER32.dll!InSendMessageEx + 3B1 7702E6B0 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1200] WS2_32.dll!getaddrinfo 7618418A 5 Bytes JMP 71640022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1200] WS2_32.dll!gethostbyname 761962D4 5 Bytes JMP 71670022
.text C:\Windows\system32\wuauclt.exe[1240] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00040FEF
.text C:\Windows\system32\wuauclt.exe[1240] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 0004001B
.text C:\Windows\system32\wuauclt.exe[1240] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 0004000A
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 00010F43
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 00010089
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 00010F17
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 000100AE
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00010F8A
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 0001000A
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 0001001B
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00010F5E
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 0001006E
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00010FAF
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00010051
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00010036
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00010F6F
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 000100C9
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00010FD4
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00010FEF
.text C:\Windows\system32\wuauclt.exe[1240] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 00010F32
.text C:\Windows\system32\wuauclt.exe[1240] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00070039
.text C:\Windows\system32\wuauclt.exe[1240] msvcrt.dll!system 7775804B 5 Bytes JMP 0007001E
.text C:\Windows\system32\wuauclt.exe[1240] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00070FB5
.text C:\Windows\system32\wuauclt.exe[1240] msvcrt.dll!_open 7775D106 5 Bytes JMP 00070FEF
.text C:\Windows\system32\wuauclt.exe[1240] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00070FA4
.text C:\Windows\system32\wuauclt.exe[1240] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 00070FD2
.text C:\Windows\system32\wuauclt.exe[1240] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 000C0058
nimble1111x
Active Member
 
Posts: 13
Joined: January 30th, 2011, 3:39 pm

Re: Memory

Post by nimble1111x » February 6th, 2011, 9:01 pm

.text C:\Windows\system32\wuauclt.exe[1240] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 000C0036
.text C:\Windows\system32\wuauclt.exe[1240] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 000C0000
.text C:\Windows\system32\wuauclt.exe[1240] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 000C0047
.text C:\Windows\system32\wuauclt.exe[1240] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 000C0FA5
.text C:\Windows\system32\wuauclt.exe[1240] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\wuauclt.exe[1240] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 000C0FE5
.text C:\Windows\system32\wuauclt.exe[1240] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 000C001B
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 000F0FCA
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 000F000A
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 000E0067
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 000E0056
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 000E0EF2
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 000E0093
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 000E003B
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 000E0FD4
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 000E0FB9
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 000E0F35
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 000E0F61
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 000E0F83
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 000E0F72
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 000E0F9E
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 000E0F46
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 000E0EE1
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 000E0FE5
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 000E0000
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 000E0078
.text C:\Windows\System32\svchost.exe[1292] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00710FA3
.text C:\Windows\System32\svchost.exe[1292] msvcrt.dll!system 7775804B 5 Bytes JMP 00710038
.text C:\Windows\System32\svchost.exe[1292] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00710FD2
.text C:\Windows\System32\svchost.exe[1292] msvcrt.dll!_open 7775D106 5 Bytes JMP 00710FE3
.text C:\Windows\System32\svchost.exe[1292] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00710027
.text C:\Windows\System32\svchost.exe[1292] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 0071000C
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 006F0040
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 006F0FAF
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 006F0FE5
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 006F0F9E
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 006F0F8D
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 006F0FCA
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 006F0000
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 006F001B
.text C:\Windows\System32\svchost.exe[1292] WS2_32.dll!socket 761836D1 5 Bytes JMP 00100000
.text C:\Windows\System32\svchost.exe[1324] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00E40000
.text C:\Windows\System32\svchost.exe[1324] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 00E40FEF
.text C:\Windows\System32\svchost.exe[1324] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00E40025
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 00E20F29
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 00E20F3A
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 00E20EF3
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 00E20F0E
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00E20F77
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 00E2001B
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 00E2002C
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00E20F4B
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00E20F94
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00E20FC0
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00E20FA5
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00E20047
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00E20F5C
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 00E20EE2
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00E20FE5
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00E20000
.text C:\Windows\System32\svchost.exe[1324] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 00E2008A
.text C:\Windows\System32\svchost.exe[1324] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00F70FA3
.text C:\Windows\System32\svchost.exe[1324] msvcrt.dll!system 7775804B 5 Bytes JMP 00F70038
.text C:\Windows\System32\svchost.exe[1324] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00F70016
.text C:\Windows\System32\svchost.exe[1324] msvcrt.dll!_open 7775D106 5 Bytes JMP 00F70FE3
.text C:\Windows\System32\svchost.exe[1324] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00F70027
.text C:\Windows\System32\svchost.exe[1324] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 00F70FD2
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 00F20062
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00F20047
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 00F20FEF
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00F20FC0
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 00F20FAF
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 00F20025
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 00F2000A
.text C:\Windows\System32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 00F20036
.text C:\Windows\System32\svchost.exe[1324] WS2_32.dll!socket 761836D1 5 Bytes JMP 00F1000A
.text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 01250000
.text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 01250FCA
.text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 01250FE5
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 01190F21
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 01190F32
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 01190093
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 01190EFC
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 01190056
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 01190000
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 01190FB9
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 01190F4D
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 01190F72
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 01190025
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 01190F83
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 01190F94
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 01190067
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 01190EE1
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 01190FCA
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 01190FEF
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 01190082
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 01370038
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!system 7775804B 5 Bytes JMP 01370FB7
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 01370FC8
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_open 7775D106 5 Bytes JMP 01370FEF
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 01370027
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 0137000C
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 011C006C
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 011C0047
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 011C000A
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 011C0FCA
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 011C0FAF
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 011C002C
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 011C001B
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 011C0FDB
.text C:\Windows\system32\svchost.exe[1340] WS2_32.dll!socket 761836D1 5 Bytes JMP 01320FE5
.text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00230FEF
.text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00230FD4
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 00210F3C
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 00210F57
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 002100D3
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 002100C2
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00210056
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 00210FD4
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 00210FB9
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 0021008C
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00210039
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00210F97
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00210F7C
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00210FA8
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00210071
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 00210F2B
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00210FE5
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[1444] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 002100A7
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 007E0058
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!system 7775804B 5 Bytes JMP 007E0047
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 007E002C
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_open 7775D106 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 007E0FD7
.text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 007E0011
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 00220062
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00220047
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 00220FEF
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00220FB6
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 00220FA5
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 0022001B
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 0022002C
.text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!socket 761836D1 5 Bytes JMP 00240FEF
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00E10000
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 00E1001B
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00E10FDB
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 001000D0
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 001000AB
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 001000EB
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 00100F54
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00100F9B
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 0010001B
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 0010002C
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00100F80
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00100075
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00100058
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00100FB6
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 0010003D
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00100090
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 001000FC
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00100FE5
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00100000
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 00100F65
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00F00FA6
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!system 7775804B 5 Bytes JMP 00F00031
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00F00FC8
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_open 7775D106 5 Bytes JMP 00F00000
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00F00FB7
.text C:\Windows\system32\svchost.exe[1512] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 00F00FE3
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 00A70F57
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00A70F83
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 00A70FEF
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00A70F72
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 00A70F46
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 00A70FC3
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 00A70FD4
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 00A70F9E
.text C:\Windows\system32\svchost.exe[1512] WS2_32.dll!socket 761836D1 5 Bytes JMP 00EF0000
.text C:\Windows\system32\svchost.exe[1512] WinInet.dll!InternetOpenA 75DCD690 5 Bytes JMP 00EA0000
.text C:\Windows\system32\svchost.exe[1512] WinInet.dll!InternetOpenW 75DCDB09 5 Bytes JMP 00EA001B
.text C:\Windows\system32\svchost.exe[1512] WinInet.dll!InternetOpenUrlA 75DCF3A4 5 Bytes JMP 00EA0FE5
.text C:\Windows\system32\svchost.exe[1512] WinInet.dll!InternetOpenUrlW 75E16D77 5 Bytes JMP 00EA0FD4
.text C:\Windows\system32\svchost.exe[1700] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 0031000A
.text C:\Windows\system32\svchost.exe[1700] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 00310025
.text C:\Windows\system32\svchost.exe[1700] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00310FEF
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 002F00B3
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 002F0098
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 002F0F3E
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 002F00D5
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 002F005B
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 002F0FD4
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 002F0FB9
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 002F007D
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 002F0040
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 002F0F97
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 002F002F
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 002F0FA8
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 002F006C
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 002F00F0
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 002F0000
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 002F0FE5
.text C:\Windows\system32\svchost.exe[1700] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 002F00C4
.text C:\Windows\system32\svchost.exe[1700] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00940070
.text C:\Windows\system32\svchost.exe[1700] msvcrt.dll!system 7775804B 5 Bytes JMP 0094005F
.text C:\Windows\system32\svchost.exe[1700] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 0094003A
.text C:\Windows\system32\svchost.exe[1700] msvcrt.dll!_open 7775D106 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[1700] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00940FEF
.text C:\Windows\system32\svchost.exe[1700] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 0094001D
.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 00300F72
.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00300F9E
.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 00300FEF
.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00300F8D
.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 00300F61
.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 00300FC3
.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 00300FD4
.text C:\Windows\system32\svchost.exe[1700] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 00300014
.text C:\Windows\system32\svchost.exe[1700] WS2_32.dll!socket 761836D1 5 Bytes JMP 008F0FEF
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00280000
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 0028001B
.text C:\Windows\system32\svchost.exe[1752] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00280FE5
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 00220F09
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 00220F1A
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 0022008C
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 0022007B
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 0022003B
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 00220FD4
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 00220FC3
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00220F2B
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00220F61
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00220F8D
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00220F7C
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00220F9E
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00220F46
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 00220EDA
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00220FE5
.text C:\Windows\system32\svchost.exe[1752] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 0022006A
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00290FBE
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!system 7775804B 5 Bytes JMP 00290053
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00290FE3
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_open 7775D106 5 Bytes JMP 0029000C
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00290038
.text C:\Windows\system32\svchost.exe[1752] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 0029001D
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 00270036
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00270025
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 00270FEF
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00270F94
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 00270047
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 00270FC3
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 00270FDE
.text C:\Windows\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 00270014
.text C:\Windows\system32\svchost.exe[1980] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00A60FE5
.text C:\Windows\system32\svchost.exe[1980] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 00A60FB9
.text C:\Windows\system32\svchost.exe[1980] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00A60FD4
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 007A00A7
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 007A0F61
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 007A0F2B
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 007A0F3C
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 007A0F97
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 007A0FDB
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 007A0FCA
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 007A0096
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 007A0071
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 007A0FB9
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 007A0FA8
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 007A0040
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 007A0F7C
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 007A00E7
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 007A0011
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 007A0000
.text C:\Windows\system32\svchost.exe[1980] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 007A00C2
.text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00750FA3
.text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!system 7775804B 5 Bytes JMP 00750038
.text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00750FD9
.text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_open 7775D106 5 Bytes JMP 00750000
.text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00750FC8
.text C:\Windows\system32\svchost.exe[1980] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 0075001D
.text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 007F0FCA
.text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 007F0FDB
.text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 007F0000
.text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 007F006C
.text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 007F0FB9
.text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 007F002C
.text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 007F001B
.text C:\Windows\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 007F003D
.text C:\Windows\system32\svchost.exe[1980] WS2_32.dll!socket 761836D1 5 Bytes JMP 00700FE5
.text C:\Windows\System32\svchost.exe[2112] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 000D0000
.text C:\Windows\System32\svchost.exe[2112] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 000D0036
.text C:\Windows\System32\svchost.exe[2112] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 000D001B
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 000B0F19
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 000B0055
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 000B009F
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 000B0F08
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 000B0044
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 000B0FC0
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 000B0FA5
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 000B0F34
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 000B0033
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 000B0011
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 000B0022
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 000B0F94
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 000B0F4F
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 000B00B0
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 000B0FDB
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 000B0000
.text C:\Windows\System32\svchost.exe[2112] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 000B007A
.text C:\Windows\System32\svchost.exe[2112] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 000E0FB7
.text C:\Windows\System32\svchost.exe[2112] msvcrt.dll!system 7775804B 5 Bytes JMP 000E0042
.text C:\Windows\System32\svchost.exe[2112] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 000E0FD2
.text C:\Windows\System32\svchost.exe[2112] msvcrt.dll!_open 7775D106 5 Bytes JMP 000E0FEF
.text C:\Windows\System32\svchost.exe[2112] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 000E0027
.text C:\Windows\System32\svchost.exe[2112] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 000E000C
.text C:\Windows\System32\svchost.exe[2112] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 000C0FB2
.text C:\Windows\System32\svchost.exe[2112] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 000C0FDE
.text C:\Windows\System32\svchost.exe[2112] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 000C000A
.text C:\Windows\System32\svchost.exe[2112] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 000C0FCD
.text C:\Windows\System32\svchost.exe[2112] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 000C0F8D
.text C:\Windows\System32\svchost.exe[2112] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 000C002F
.text C:\Windows\System32\svchost.exe[2112] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 000C0FEF
.text C:\Windows\System32\svchost.exe[2112] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 000C004A
.text C:\Windows\System32\svchost.exe[2112] WS2_32.dll!socket 761836D1 5 Bytes JMP 000A0FEF
.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00150FEF
.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 00150FC3
.text C:\Windows\System32\svchost.exe[2220] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00150FD4
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 00130F3A
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 00130F4B
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 00130EF3
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 00130F0E
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00130076
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 00130FDE
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 00130025
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00130F66
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00130F9C
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00130FB9
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00130065
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00130040
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00130F77
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 0013009B
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00130FEF
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 0013000A
.text C:\Windows\System32\svchost.exe[2220] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 00130F29
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00160F97
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!system 7775804B 5 Bytes JMP 0016002C
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00160FCD
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_open 7775D106 5 Bytes JMP 00160FEF
.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00160FBC

Re: Memory

Post by nimble1111x » February 6th, 2011, 9:02 pm

.text C:\Windows\System32\svchost.exe[2220] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 00160FDE
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyExA 774D39AB 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 00140FAF
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00140047
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 00140FEF
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00140FCA
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 0014006C
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 0014001B
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 00140000
.text C:\Windows\System32\svchost.exe[2220] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 00140036
.text C:\Windows\System32\svchost.exe[2220] WS2_32.dll!socket 761836D1 5 Bytes JMP 00120FE5
.text C:\Windows\system32\svchost.exe[2244] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[2244] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 00240025
.text C:\Windows\system32\svchost.exe[2244] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00240FEF
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 001D007F
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 001D0F43
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 001D00A4
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 001D0F0D
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 001D0053
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 001D0FAF
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 001D0F5E
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 001D0F6F
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 001D0F8A
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 001D002C
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 001D0064
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 001D0EE8
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 001D000A
.text C:\Windows\system32\svchost.exe[2244] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 001D0F1E
.text C:\Windows\system32\svchost.exe[2244] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00290FA8
.text C:\Windows\system32\svchost.exe[2244] msvcrt.dll!system 7775804B 5 Bytes JMP 00290FC3
.text C:\Windows\system32\svchost.exe[2244] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00290FEF
.text C:\Windows\system32\svchost.exe[2244] msvcrt.dll!_open 7775D106 5 Bytes JMP 0029000C
.text C:\Windows\system32\svchost.exe[2244] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00290FDE
.text C:\Windows\system32\svchost.exe[2244] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 0029001D
.text C:\Windows\system32\svchost.exe[2244] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 00230084
.text C:\Windows\system32\svchost.exe[2244] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00230058
.text C:\Windows\system32\svchost.exe[2244] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 0023000A
.text C:\Windows\system32\svchost.exe[2244] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00230069
.text C:\Windows\system32\svchost.exe[2244] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 00230095
.text C:\Windows\system32\svchost.exe[2244] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 0023002C
.text C:\Windows\system32\svchost.exe[2244] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 0023001B
.text C:\Windows\system32\svchost.exe[2244] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 00230047
.text C:\Windows\system32\svchost.exe[2244] WS2_32.dll!socket 761836D1 5 Bytes JMP 0016000A
.text C:\Windows\system32\svchost.exe[2384] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[2384] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 009D0025
.text C:\Windows\system32\svchost.exe[2384] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 009D0FEF
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 006B0F40
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 006B0F51
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 006B00B2
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 006B00A1
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 006B0075
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 006B001B
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 006B002C
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 006B0F76
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 006B0F9B
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 006B0FB6
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 006B0058
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 006B003D
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 006B0086
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 006B00CD
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 006B0000
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 006B0FE5
.text C:\Windows\system32\svchost.exe[2384] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 006B0F25
.text C:\Windows\system32\svchost.exe[2384] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 009E0FB2
.text C:\Windows\system32\svchost.exe[2384] msvcrt.dll!system 7775804B 5 Bytes JMP 009E0FC3
.text C:\Windows\system32\svchost.exe[2384] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 009E0033
.text C:\Windows\system32\svchost.exe[2384] msvcrt.dll!_open 7775D106 5 Bytes JMP 009E0FEF
.text C:\Windows\system32\svchost.exe[2384] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 009E0FD4
.text C:\Windows\system32\svchost.exe[2384] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 009E000C
.text C:\Windows\system32\svchost.exe[2384] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 008C0F83
.text C:\Windows\system32\svchost.exe[2384] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 008C0FA8
.text C:\Windows\system32\svchost.exe[2384] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 008C0000
.text C:\Windows\system32\svchost.exe[2384] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 008C002F
.text C:\Windows\system32\svchost.exe[2384] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 008C0040
.text C:\Windows\system32\svchost.exe[2384] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 008C0FD4
.text C:\Windows\system32\svchost.exe[2384] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 008C0FE5
.text C:\Windows\system32\svchost.exe[2384] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 008C0FB9
.text C:\Windows\system32\svchost.exe[2384] WS2_32.dll!socket 761836D1 5 Bytes JMP 00180FEF
.text C:\Windows\System32\svchost.exe[2428] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 0007000A
.text C:\Windows\System32\svchost.exe[2428] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[2428] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 0007001B
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 000500BA
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 00050095
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 000500D5
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 00050F3E
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00050F99
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 0005002C
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 00050047
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00050F6A
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00050073
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00050FC7
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00050FB6
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00050058
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00050084
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 000500F0
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 0005001B
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[2428] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 00050F59
.text C:\Windows\System32\svchost.exe[2428] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 0010004C
.text C:\Windows\System32\svchost.exe[2428] msvcrt.dll!system 7775804B 5 Bytes JMP 00100FC1
.text C:\Windows\System32\svchost.exe[2428] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 0010001D
.text C:\Windows\System32\svchost.exe[2428] msvcrt.dll!_open 7775D106 5 Bytes JMP 0010000C
.text C:\Windows\System32\svchost.exe[2428] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 00100FD2
.text C:\Windows\System32\svchost.exe[2428] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 00100FE3
.text C:\Windows\System32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 0006006C
.text C:\Windows\System32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00060FD4
.text C:\Windows\System32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00060051
.text C:\Windows\System32\svchost.exe[2428] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 00060FA5
.text C:\Windows\System32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 0006001B
.text C:\Windows\System32\svchost.exe[2428] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[2428] WS2_32.dll!socket 761836D1 5 Bytes JMP 00630000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2704] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 6F1D9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2704] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 6F1D9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2912] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 006B0000
.text C:\Windows\system32\svchost.exe[2912] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 006B0FC0
.text C:\Windows\system32\svchost.exe[2912] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 006B0FDB
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 00690F46
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 0069008C
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 006900C2
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 006900B1
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00690F8D
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 0069001B
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 00690040
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00690F61
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00690FA8
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00690FB9
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00690065
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 00690FD4
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00690F7C
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 006900DD
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00690FE5
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00690000
.text C:\Windows\system32\svchost.exe[2912] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 00690F2B
.text C:\Windows\system32\svchost.exe[2912] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00780058
.text C:\Windows\system32\svchost.exe[2912] msvcrt.dll!system 7775804B 5 Bytes JMP 00780047
.text C:\Windows\system32\svchost.exe[2912] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00780FCD
.text C:\Windows\system32\svchost.exe[2912] msvcrt.dll!_open 7775D106 5 Bytes JMP 00780000
.text C:\Windows\system32\svchost.exe[2912] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 0078002C
.text C:\Windows\system32\svchost.exe[2912] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 00780011
.text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 006A0062
.text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 006A0036
.text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 006A0047
.text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 006A0FA5
.text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 006A0014
.text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 006A0FDE
.text C:\Windows\system32\svchost.exe[2912] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 006A0025
.text C:\Windows\system32\svchost.exe[2912] WS2_32.dll!socket 761836D1 5 Bytes JMP 00120000
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3904] ntdll.dll!KiUserApcDispatcher 77635D18 5 Bytes JMP 004397C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3904] WS2_32.dll!getaddrinfo 7618418A 5 Bytes JMP 71670022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3904] WS2_32.dll!gethostbyname 761962D4 5 Bytes JMP 716E0022
.text C:\Windows\Explorer.EXE[4012] ntdll.dll!NtCreateFile 776343D4 5 Bytes JMP 00040000
.text C:\Windows\Explorer.EXE[4012] ntdll.dll!NtCreateProcess 77634494 5 Bytes JMP 00040025
.text C:\Windows\Explorer.EXE[4012] ntdll.dll!NtProtectVirtualMemory 77634D34 5 Bytes JMP 00040FE5
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!GetStartupInfoW 773D1929 5 Bytes JMP 00010073
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!GetStartupInfoA 773D19C9 5 Bytes JMP 00010062
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!CreateProcessW 773D1BF3 1 Byte [E9]
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!CreateProcessW 773D1BF3 5 Bytes JMP 00010EF7
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!CreateProcessA 773D1C28 5 Bytes JMP 00010F12
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!VirtualProtect 773D1DC3 5 Bytes JMP 00010F6D
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!CreateNamedPipeA 773D2EF5 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!CreateNamedPipeW 773D5C0C 5 Bytes JMP 00010FB9
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!CreatePipe 773F8E6E 5 Bytes JMP 00010F37
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!LoadLibraryExW 773F9109 5 Bytes JMP 00010F94
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!LoadLibraryW 773F9362 5 Bytes JMP 00010040
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!LoadLibraryExA 773F94B4 5 Bytes JMP 00010051
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!LoadLibraryA 773F94DC 5 Bytes JMP 0001001B
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!VirtualProtectEx 773FDBDA 5 Bytes JMP 00010F5C
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!GetProcAddress 7741903B 5 Bytes JMP 0001009F
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!CreateFileW 7741AECB 5 Bytes JMP 00010FD4
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!CreateFileA 7741CE5F 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[4012] kernel32.dll!WinExec 77465CF7 5 Bytes JMP 0001008E
.text C:\Windows\Explorer.EXE[4012] ADVAPI32.dll!RegCreateKeyExA 774D39AB 5 Bytes JMP 00060073
.text C:\Windows\Explorer.EXE[4012] ADVAPI32.dll!RegCreateKeyA 774D3BA9 5 Bytes JMP 00060058
.text C:\Windows\Explorer.EXE[4012] ADVAPI32.dll!RegOpenKeyA 774D89C7 5 Bytes JMP 00060000
.text C:\Windows\Explorer.EXE[4012] ADVAPI32.dll!RegCreateKeyW 774E391E 5 Bytes JMP 00060FD1
.text C:\Windows\Explorer.EXE[4012] ADVAPI32.dll!RegCreateKeyExW 774E41F1 5 Bytes JMP 00060084
.text C:\Windows\Explorer.EXE[4012] ADVAPI32.dll!RegOpenKeyExA 774E7C42 5 Bytes JMP 00060022
.text C:\Windows\Explorer.EXE[4012] ADVAPI32.dll!RegOpenKeyW 774EE2B5 5 Bytes JMP 00060011
.text C:\Windows\Explorer.EXE[4012] ADVAPI32.dll!RegOpenKeyExW 774F7BA1 5 Bytes JMP 0006003D
.text C:\Windows\Explorer.EXE[4012] msvcrt.dll!_wsystem 77757F2F 5 Bytes JMP 00070FD4
.text C:\Windows\Explorer.EXE[4012] msvcrt.dll!system 7775804B 5 Bytes JMP 0007005F
.text C:\Windows\Explorer.EXE[4012] msvcrt.dll!_creat 7775BBE1 5 Bytes JMP 00070029
.text C:\Windows\Explorer.EXE[4012] msvcrt.dll!_open 7775D106 5 Bytes JMP 00070FEF
.text C:\Windows\Explorer.EXE[4012] msvcrt.dll!_wcreat 7775D326 5 Bytes JMP 0007004E
.text C:\Windows\Explorer.EXE[4012] msvcrt.dll!_wopen 7775D501 5 Bytes JMP 0007000C
.text C:\Windows\Explorer.EXE[4012] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7654B37C 4 Bytes [00, 26, 39, 00] {ADD [ESI], AH; CMP [EAX], EAX}
.text C:\Windows\Explorer.EXE[4012] SHELL32.dll!ShellExecuteExW + 18B7 7657DA0C 4 Bytes [10, 1B, 39, 00] {ADC [EBX], BL; CMP [EAX], EAX}
.text C:\Windows\Explorer.EXE[4012] WS2_32.dll!socket 761836D1 3 Bytes JMP 03A4000A
.text C:\Windows\Explorer.EXE[4012] WS2_32.dll!socket + 4 761836D5 1 Byte [8D]
.text C:\Windows\Explorer.EXE[4012] WININET.dll!InternetOpenA 75DCD690 5 Bytes JMP 03B80000
.text C:\Windows\Explorer.EXE[4012] WININET.dll!InternetOpenW 75DCDB09 5 Bytes JMP 03B80FDB
.text C:\Windows\Explorer.EXE[4012] WININET.dll!InternetOpenUrlA 75DCF3A4 5 Bytes JMP 03B8001B
.text C:\Windows\Explorer.EXE[4012] WININET.dll!InternetOpenUrlW 75E16D77 5 Bytes JMP 03B80036

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806916D6] \SystemRoot\System32\Drivers\spoa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80691042] \SystemRoot\System32\Drivers\spoa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80691800] \SystemRoot\System32\Drivers\spoa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806910C0] \SystemRoot\System32\Drivers\spoa.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069113E] \SystemRoot\System32\Drivers\spoa.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A0B90] \SystemRoot\System32\Drivers\spoa.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\mfevtps.exe[1596] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [009A7740] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\mfevtps.exe[1596] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [009A77A0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74497817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7449BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7448F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7448E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7449DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7448FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7448FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7451CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7448D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74486853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7448687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74492AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [003927E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [00391D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00392B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[4012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [003911D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
nimble1111x
Active Member
 
Posts: 13
Joined: January 30th, 2011, 3:39 pm

Re: Memory

Post by nimble1111x » February 6th, 2011, 9:03 pm

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 878B31F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\fastfat \FatCdrom 8C1081F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 86F1C1F8
Device \Driver\usbuhci \Device\USBPDO-0 886FF1F8
Device \Driver\usbuhci \Device\USBPDO-1 886FF1F8
Device \Driver\usbuhci \Device\USBPDO-2 886FF1F8
Device \Driver\usbehci \Device\USBPDO-3 88709500
Device \Driver\usbuhci \Device\USBPDO-4 886FF1F8

AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 886FF1F8
Device \Driver\usbuhci \Device\USBPDO-6 886FF1F8
Device \Driver\volmgr \Device\HarddiskVolume1 86F1C1F8
Device \Driver\usbehci \Device\USBPDO-7 88709500
Device \Driver\volmgr \Device\HarddiskVolume2 86F1C1F8
Device \Driver\cdrom \Device\CdRom0 887271F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 878B11F8
Device \Driver\atapi \Device\Ide\IdePort0 878B11F8
Device \Driver\atapi \Device\Ide\IdePort1 878B11F8
Device \Driver\atapi \Device\Ide\IdePort2 878B11F8
Device \Driver\atapi \Device\Ide\IdePort3 878B11F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 878B11F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 878B21F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 878B21F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 878B21F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 878B21F8
Device \Driver\volmgr \Device\HarddiskVolume3 86F1C1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E797AFCA-7A80-49CF-80CC-53F3FF0FBC9B} 8C0701F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8C0701F8
Device \Driver\Smb \Device\NetbiosSmb 8C1D2500
Device \Driver\iScsiPrt \Device\RaidPort0 8876C500

AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 886FF1F8
Device \Driver\usbuhci \Device\USBFDO-1 886FF1F8
Device \Driver\usbuhci \Device\USBFDO-2 886FF1F8
Device \Driver\usbehci \Device\USBFDO-3 88709500
Device \Driver\usbuhci \Device\USBFDO-4 886FF1F8
Device \Driver\usbuhci \Device\USBFDO-5 886FF1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{4A4B500D-A617-469A-A9B4-7AE7EC84DF2D} 8C0701F8
Device \Driver\usbuhci \Device\USBFDO-6 886FF1F8
Device \Driver\usbehci \Device\USBFDO-7 88709500
Device \FileSystem\fastfat \Fat 8C1081F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\cdfs \Cdfs 87145500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet031\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet033\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet034\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet035\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet036\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet037\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet038\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet039\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet040\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet041\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet042\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...
Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet043\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x64 0x81 0x1D 0x9B ...

---- EOF - GMER 1.0.15 ----
nimble1111x
Active Member
 
Posts: 13
Joined: January 30th, 2011, 3:39 pm