Quantcast
Channel: Tech Support Forum - Virus/Trojan/Spyware Help
Viewing all articles
Browse latest Browse all 2798

Spinning ring - all web pages loading slow - follow up report logs

March 26, 2014, 4:35 am
$
0
0
I'm responding now with first set of report logs on the problem above
I heard back from "Amateur"


amateur
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,554
OS: XP Win7 Ubuntu 10.10

Re: Spinning ring - all web pages loading slow

Hello sam94,
In order to determine if the sluggishness of the system is due to malware, we need to see a comprehensive set of logs.
Please follow our pre-posting process outlined below:
After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.
If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.
_________________

2 year old HP desktop with processor in monitor - 6.4 GB RAM - 64bit - Windows 8 - Google Chrome - Windows Live Mail - wired modem -> AT&T highest internet speed available - Avast! anti-virus free edition.
I have and ran Malwarebytes anti-malware full scan - my paid SuperAnti-spyware full scan - ESET scan - Kaspersky rootkit removal scan and Tweaking.com Windows Repair All in one full system scan. Nothing malicious at all was detected.
Usually some basic adware is found which is promptly removed by the Super-antispyware.
I went thru my task manager and looked at the start up section and removed anything that I don't need or that would slow down my system.
I typically have Google Chrome - Facebook - TMZ - and my Yahoo homepage open. I don't download much. I don't have many docs.
I do have ADBlock on when I surf - I still have the slow behavior when its off.
The slow page opening does not happen with my mail or with docs.
I have Roboform and an active Google weather and Grammar extension.
I have Google ad blockers and pop up blocker extensions that I can turn on and off when I surf in Hi risk web areas.
I don't know how much more I can do or where else I can look to fix this issue that has slowed down my computer so much - Thank you for you attention.

#1 --DDS -> not compatible with Windows 8.1


#2 ->
GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-03-26 07:19:55
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 WDC_WD10EZEX-60ZF5A0 rev.80.00A80 931.51GB
Running: gmer.exe; Driver: C:\Users\IKE529~1\AppData\Local\Temp\kgtoquod.sys

GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-03-26 07:31:16
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 WDC_WD10EZEX-60ZF5A0 rev.80.00A80 931.51GB
Running: gmer.exe; Driver: C:\Users\IKE529~1\AppData\Local\Temp\kgtoquod.sys


---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffe40416620 5 bytes JMP 00007ffec0540460
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffe40416670 5 bytes JMP 00007ffec0540450
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffe404167d0 5 bytes JMP 00007ffec0540370
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffe40416820 5 bytes JMP 00007ffec0540470
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffe40416830 5 bytes JMP 00007ffec05403e0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffe404168e0 5 bytes JMP 00007ffec0540320
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe40416910 5 bytes JMP 00007ffec05403b0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffe40416930 5 bytes JMP 00007ffec0540390
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffe40416970 5 bytes JMP 00007ffec05402e0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffe404169f0 5 bytes JMP 00007ffec05402d0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffe40416a10 5 bytes JMP 00007ffec0540310
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffe40416a50 5 bytes JMP 00007ffec05403c0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffe40416aa0 5 bytes JMP 00007ffec05403f0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffe40416c00 5 bytes JMP 00007ffec0540230
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffe40416df0 1 byte JMP 00007ffec0540480
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffe40416df2 3 bytes {JMP 0xffffffff80129690}
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffe40416e20 5 bytes JMP 00007ffec05403a0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffe40416f40 5 bytes JMP 00007ffec05402f0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffe40416f60 5 bytes JMP 00007ffec0540350
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffe40416fd0 5 bytes JMP 00007ffec0540290
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffe40417060 5 bytes JMP 00007ffec05402b0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe40417080 5 bytes JMP 00007ffec05403d0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffe40417090 5 bytes JMP 00007ffec0540330
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffe40417140 5 bytes JMP 00007ffec0540410
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffe40417170 5 bytes JMP 00007ffec0540240
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffe40417490 5 bytes JMP 00007ffec05401e0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffe40417550 5 bytes JMP 00007ffec0540250
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffe40417580 5 bytes JMP 00007ffec0540490
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffe40417590 5 bytes JMP 00007ffec05404a0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffe404175c0 5 bytes JMP 00007ffec0540300
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffe404175d0 1 byte JMP 00007ffec0540360
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffe404175d2 3 bytes {JMP 0xffffffff80128d90}
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffe40417630 5 bytes JMP 00007ffec05402a0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffe40417680 5 bytes JMP 00007ffec05402c0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffe404176b0 5 bytes JMP 00007ffec0540380
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffe404176c0 5 bytes JMP 00007ffec0540340
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffe404179d0 5 bytes JMP 00007ffec0540440
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffe40417bd0 1 byte JMP 00007ffec0540260
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffe40417bd2 3 bytes {JMP 0xffffffff80128690}
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffe40417be0 1 byte JMP 00007ffec0540270
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffe40417be2 3 bytes {JMP 0xffffffff80128690}
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe40417c00 5 bytes JMP 00007ffec0540400
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffe40417de0 5 bytes JMP 00007ffec05401f0
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffe40417df0 5 bytes JMP 00007ffec0540210
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffe40417e80 5 bytes JMP 00007ffec0540200
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffe40417ef0 5 bytes JMP 00007ffec0540420
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffe40417f00 5 bytes JMP 00007ffec0540430
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffe40417f10 5 bytes JMP 00007ffec0540220
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffe40418020 5 bytes JMP 00007ffec0540280
.text C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe3fbf97b1 1 byte [62]
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffe40416620 5 bytes JMP 00007ffec0540460
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffe40416670 5 bytes JMP 00007ffec0540450
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffe404167d0 5 bytes JMP 00007ffec0540370
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffe40416820 5 bytes JMP 00007ffec0540470
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffe40416830 5 bytes JMP 00007ffec05403e0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffe404168e0 5 bytes JMP 00007ffec0540320
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe40416910 5 bytes JMP 00007ffec05403b0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffe40416930 5 bytes JMP 00007ffec0540390
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffe40416970 5 bytes JMP 00007ffec05402e0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffe404169f0 5 bytes JMP 00007ffec05402d0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffe40416a10 5 bytes JMP 00007ffec0540310
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffe40416a50 5 bytes JMP 00007ffec05403c0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffe40416aa0 5 bytes JMP 00007ffec05403f0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffe40416c00 5 bytes JMP 00007ffec0540230
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffe40416df0 1 byte JMP 00007ffec0540480
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffe40416df2 3 bytes {JMP 0xffffffff80129690}
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffe40416e20 5 bytes JMP 00007ffec05403a0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffe40416f40 5 bytes JMP 00007ffec05402f0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffe40416f60 5 bytes JMP 00007ffec0540350
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffe40416fd0 5 bytes JMP 00007ffec0540290
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffe40417060 5 bytes JMP 00007ffec05402b0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe40417080 5 bytes JMP 00007ffec05403d0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffe40417090 5 bytes JMP 00007ffec0540330
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffe40417140 5 bytes JMP 00007ffec0540410
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffe40417170 5 bytes JMP 00007ffec0540240
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffe40417490 5 bytes JMP 00007ffec05401e0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffe40417550 5 bytes JMP 00007ffec0540250
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffe40417580 5 bytes JMP 00007ffec0540490
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffe40417590 5 bytes JMP 00007ffec05404a0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffe404175c0 5 bytes JMP 00007ffec0540300
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffe404175d0 1 byte JMP 00007ffec0540360
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffe404175d2 3 bytes {JMP 0xffffffff80128d90}
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffe40417630 5 bytes JMP 00007ffec05402a0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffe40417680 5 bytes JMP 00007ffec05402c0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffe404176b0 5 bytes JMP 00007ffec0540380
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffe404176c0 5 bytes JMP 00007ffec0540340
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffe404179d0 5 bytes JMP 00007ffec0540440
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffe40417bd0 1 byte JMP 00007ffec0540260
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffe40417bd2 3 bytes {JMP 0xffffffff80128690}
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffe40417be0 1 byte JMP 00007ffec0540270
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffe40417be2 3 bytes {JMP 0xffffffff80128690}
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe40417c00 5 bytes JMP 00007ffec0540400
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffe40417de0 5 bytes JMP 00007ffec05401f0
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffe40417df0 5 bytes JMP 00007ffec0540210
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtShutdownSystem 00007ffe40417e80 5 bytes JMP 00007ffec0540200
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendProcess 00007ffe40417ef0 5 bytes JMP 00007ffec0540420
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSuspendThread 00007ffe40417f00 5 bytes JMP 00007ffec0540430
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSystemDebugControl 00007ffe40417f10 5 bytes JMP 00007ffec0540220
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\SYSTEM32\ntdll.dll!NtVdmControl 00007ffe40418020 5 bytes JMP 00007ffec0540280
.text C:\WINDOWS\system32\winlogon.exe[736] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe3fbf97b1 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00007ffe40416620 5 bytes JMP 00007ffec0540460
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryObject 00007ffe40416670 5 bytes JMP 00007ffec0540450
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffe404167d0 5 bytes JMP 00007ffec0540370
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00007ffe40416820 5 bytes JMP 00007ffec0540470
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 00007ffe40416830 5 bytes JMP 00007ffec05403e0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSection 00007ffe404168e0 5 bytes JMP 00007ffec0540320
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffe40416910 5 bytes JMP 00007ffec05403b0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDuplicateObject 00007ffe40416930 5 bytes JMP 00007ffec0540390
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEvent 00007ffe40416970 5 bytes JMP 00007ffec05402e0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEvent 00007ffe404169f0 5 bytes JMP 00007ffec05402d0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSection 00007ffe40416a10 5 bytes JMP 00007ffec0540310
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThread 00007ffe40416a50 5 bytes JMP 00007ffec05403c0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateThread 00007ffe40416aa0 5 bytes JMP 00007ffec05403f0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAddBootEntry 00007ffe40416c00 5 bytes JMP 00007ffec0540230
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00007ffe40416df0 1 byte JMP 00007ffec0540480
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 2 00007ffe40416df2 3 bytes {JMP 0xffffffff80129690}
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00007ffe40416e20 5 bytes JMP 00007ffec05403a0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateEventPair 00007ffe40416f40 5 bytes JMP 00007ffec05402f0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00007ffe40416f60 5 bytes JMP 00007ffec0540350
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateMutant 00007ffe40416fd0 5 bytes JMP 00007ffec0540290
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ffe40417060 5 bytes JMP 00007ffec05402b0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffe40417080 5 bytes JMP 00007ffec05403d0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateTimer 00007ffe40417090 5 bytes JMP 00007ffec0540330
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00007ffe40417140 5 bytes JMP 00007ffec0540410
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00007ffe40417170 5 bytes JMP 00007ffec0540240
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtLoadDriver 00007ffe40417490 5 bytes JMP 00007ffec05401e0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtModifyBootEntry 00007ffe40417550 5 bytes JMP 00007ffec0540250
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00007ffe40417580 5 bytes JMP 00007ffec0540490
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00007ffe40417590 5 bytes JMP 00007ffec05404a0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenEventPair 00007ffe404175c0 5 bytes JMP 00007ffec0540300
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00007ffe404175d0 1 byte JMP 00007ffec0540360
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenIoCompletion + 2 00007ffe404175d2 3 bytes {JMP 0xffffffff80128d90}
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenMutant 00007ffe40417630 5 bytes JMP 00007ffec05402a0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenSemaphore 00007ffe40417680 5 bytes JMP 00007ffec05402c0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenThread 00007ffe404176b0 5 bytes JMP 00007ffec0540380
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtOpenTimer 00007ffe404176c0 5 bytes JMP 00007ffec0540340
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00007ffe404179d0 5 bytes JMP 00007ffec0540440
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00007ffe40417bd0 1 byte JMP 00007ffec0540260
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootEntryOrder + 2 00007ffe40417bd2 3 bytes {JMP 0xffffffff80128690}
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions 00007ffe40417be0 1 byte JMP 00007ffec0540270
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetBootOptions + 2 00007ffe40417be2 3 bytes {JMP 0xffffffff80128690}
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffe40417c00 5 bytes JMP 00007ffec0540400
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemInformation 00007ffe40417de0 5 bytes JMP 00007ffec05401f0
.text C:\WINDOWS\system32\svchost.exe[800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00007ffe40417df0 5 bytes JMP 00007ffec0540210
.text C:\WINDOWS\system32\svchost.exe[800]
Search
Viewing all articles
Browse latest Browse all 2798

Trending Articles

Scuffham Amps - S-GEAR 2.6.0 VST, AAX, STANDALONE x86 x64 (R2R NO iLok2, +NO...

November 19, 2017, 7:24 am

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

VHSE First (1st) Allotment 2025 - vhscap.kerala.gov.in

May 24, 2025, 11:58 pm

UNIVERSE LEAGUE – UNIVERSE LEAGUE – WAR (We Are Ready) – EP [iTunes Plus M4A]

January 26, 2025, 11:12 am

City Hunter Teledrama – Episode 18 – 07th May 2016

May 6, 2016, 2:05 pm

Comment on Proposed Criteria for Identifying Predatory Conferences by Luke...

July 4, 2016, 3:53 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

Kendrick Lamar – Not Like Us (2024) [24Bit-88.2kHz] [PMEDIA] ⭐️

May 14, 2024, 7:14 pm

Inception 2010 Hindi Dual Audio 650MB BRRip 720p ESubs HEVC

December 27, 2016, 4:23 pm

East Hull MD admits sexual assaults after another victim comes forward

January 14, 2013, 12:20 am

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

R. v. Sargeant, 2023 ONSC 6406 (CanLII)

November 13, 2023, 9:00 pm

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

August 20, 2016, 5:13 pm

Who’s been sentenced at Northampton Magistrates’ Court

March 30, 2019, 10:00 pm

मतलबी दोस्त स्टेट्स | Matlabi Dost Status in Hindi – Selfish Friends Status

February 13, 2020, 3:12 am

Family cries out as traditional ruler allegedly abducts brother, extorts N2.5m

September 15, 2024, 1:15 am

Long-Running Conflict In Springfield (MA) Gangland Sphere Has Manzi Family &...

December 26, 2017, 3:59 pm

Wondershare Filmora X v10.1.20.16 x64

February 8, 2021, 5:34 am

Man arrested after fracas in flat

January 16, 2017, 10:10 pm

Man charged in ongoing Sexual Assault Investigation Derek Nyilas, 46, Faces...

May 27, 2019, 8:00 am
Search