------ ETHREAD: 0x8253b800 Pid: 4 Tid: 100 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrVirtualMemory BasePriority: 0x8 Priority: 0x11 TEB: 0x00000000 StartAddress: 0x8050b928 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 8050b928: 8bff MOV EDI, EDI 8050b92a: 55 PUSH EBP 8050b92b: 8bec MOV EBP, ESP 8050b92d: 83ec14 SUB ESP, 0x14 8050b930: 53 PUSH EBX 8050b931: 56 PUSH ESI 8050b932: 57 PUSH EDI 8050b933: 64a124010000 MOV EAX, [FS:0x124] 8050b939: 8bf0 MOV ESI, EAX 8050b93b: 6a11 PUSH 0x11 ------ ETHREAD: 0x81f60558 Pid: 420 Tid: 440 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x821013c0 'alg.exe' Attached Process: 0x821013c0 'alg.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f43008 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77de2084 ebx=0x00000000 ecx=0x0007fce0 edx=0x00000025 esi=0x00000000 edi=0x00000060 eip=0x7c90e514 esp=0x0007fb98 ebp=0x0007fc00 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82069808 Pid: 1124 Tid: 508 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff98000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x769c8761 ebx=0x021ffef4 ecx=0x7c90e920 edx=0x0213fd94 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x021ffecc ebp=0x021fff68 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x0205c8b0 Pid: 4 Tid: 1988 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824ae810 Pid: 728 Tid: 932 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:Executive BasePriority: 0x9 Priority: 0xa TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0000c6a7 ebx=0x00000000 ecx=0x0100a4f8 edx=0x00000000 esi=0x00000000 edi=0x00000290 eip=0x7c90e514 esp=0x0093fc40 ebp=0x0093fca8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824a1958 Pid: 1124 Tid: 1488 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffae000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x823a0818 Pid: 1124 Tid: 1912 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0xa TEB: 0x7ff71000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a91a ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000001 ebx=0x00000000 ecx=0x7792bbe5 edx=0x02f2ef80 esi=0x000b0838 edi=0x00154898 eip=0x7c90e514 esp=0x02f2fe18 ebp=0x02f2ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f50488 Pid: 4 Tid: 1936 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x022c6da0 Pid: 4 Tid: 1380 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82044b20 Pid: 420 Tid: 504 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x821013c0 'alg.exe' Attached Process: 0x821013c0 'alg.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a900 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000ace10 ebx=0x00000000 ecx=0x000003d4 edx=0x000b8468 esi=0x000a7db8 edi=0x00000100 eip=0x7c90e514 esp=0x00a0fe18 ebp=0x00a0ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82049020 Pid: 916 Tid: 948 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00a3f69c edx=0x7c90e514 esi=0x000a3cb0 edi=0x000a4ef0 eip=0x7c90e514 esp=0x00a3fe18 ebp=0x00a3ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82388da0 Pid: 728 Tid: 1188 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0xa TEB: 0x7ffab000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe21c1eb0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000001 ebx=0x00b9fe8c ecx=0x76364b66 edx=0x00090608 esi=0x00000000 edi=0x7ffdb000 eip=0x7c90e514 esp=0x00b9fe64 ebp=0x00b9ff00 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8205f3c0 Pid: 4 Tid: 1484 Tags: SystemThread Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2b27c60 HTTP.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_HARD_ERRORS_DISABLED|PS_CROSS_THREAD_FLAGS_SYSTEM f2b27c60: 8bff MOV EDI, EDI f2b27c62: 55 PUSH EBP f2b27c63: 8bec MOV EBP, ESP f2b27c65: 51 PUSH ECX f2b27c66: 51 PUSH ECX f2b27c67: 53 PUSH EBX f2b27c68: 56 PUSH ESI f2b27c69: 8b7508 MOV ESI, [EBP+0x8] f2b27c6c: 57 PUSH EDI f2b27c6d: 8b7e08 MOV EDI, [ESI+0x8] ------ ETHREAD: 0x81f23828 Pid: 980 Tid: 536 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffad000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00c6f01c ebx=0x000995f4 ecx=0x00090748 edx=0x00000012 esi=0x000d0fb8 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00c6ff70 ebp=0x00c6ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820e96c8 Pid: 728 Tid: 876 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:WrQueue BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000b7070 ebx=0x00000000 ecx=0x77de6f9e edx=0x00040000 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x006aff70 ebp=0x006affb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823abda0 Pid: 1964 Tid: 1968 Tags: Created: 2012-06-29 14:16:56 Exited: - Owning Process: 0x820ccda0 'VMwareTray.exe' Attached Process: 0x820ccda0 'VMwareTray.exe' State: Waiting:WrUserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffde000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f19a48 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0012fb30 ebx=0x7e418a01 ecx=0x00000004 edx=0x00000000 esi=0x0012fed4 edi=0x7e418bf6 eip=0x7c90e514 esp=0x0012fe94 ebp=0x0012feb0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f5eda0 Pid: 1956 Tid: 136 Tags: Created: 2012-06-29 14:16:56 Exited: - Owning Process: 0x81f2d308 'rundll32.exe' Attached Process: 0x81f2d308 'rundll32.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7c910250 ebx=0x00000000 ecx=0x00000000 edx=0x003c003a esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x00e0ff70 ebp=0x00e0ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f92d60 Pid: 728 Tid: 804 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0xa TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x00000025 edx=0xffffffff esi=0x00097a80 edi=0x7c97e440 eip=0x7c90e514 esp=0x0062ff8c ebp=0x0062ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824ccc10 Pid: 1124 Tid: 796 Tags: Created: 2012-06-29 14:17:11 Exited: 2012-06-29 14:17:11 Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x00140000 ebx=0x0252fed0 ecx=0x0252f6d8 edx=0x00001000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0252fea8 ebp=0x0252ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82067a48 Pid: 268 Tid: 272 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x823a7da0 'svchost.exe' Attached Process: 0x823a7da0 'svchost.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f51290 CrossThreadFlags: Eip: 0x7c90e514 eax=0xffffffea ebx=0x00000000 ecx=0x0007fd90 edx=0x00000077 esi=0x00000000 edi=0x000000bc eip=0x7c90e514 esp=0x0007fc48 ebp=0x0007fcb0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x020617b8 Pid: 168 Tid: 240 Tags: ScannerOnly Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x82033868 'ipconfig.exe' Attached Process: 0x82033868 'ipconfig.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00defed0 ecx=0x00000000 edx=0x00000011 esi=0x00000000 edi=0x7ffdd000 eip=0x7c90e514 esp=0x00defea8 ebp=0x00deff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f4e340 Pid: 4 Tid: 1424 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x820d6da0 Pid: 420 Tid: 472 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x821013c0 'alg.exe' Attached Process: 0x821013c0 'alg.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7c927d83 ebx=0x00000000 ecx=0x000aee48 edx=0x662b9870 esi=0x77ef58d0 edi=0x00a0f160 eip=0x7c90e514 esp=0x00a4ff9c ebp=0x00a4ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82046860 Pid: 728 Tid: 880 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000007b8 ebx=0x000ac0bc ecx=0x7ffd9000 edx=0x0101b040 esi=0x000adfe0 edi=0x7c9010e0 eip=0x7c90e514 esp=0x006eff70 ebp=0x006eff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82474c10 Pid: 1124 Tid: 488 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff8f000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe16f6b70 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000201 ebx=0x0217fe10 ecx=0x00000200 edx=0x0001f764 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0217fde8 ebp=0x0217fe84 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f3a9f8 Pid: 740 Tid: 896 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ffa7000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0007f8a8 ebx=0x00000000 ecx=0x000c1588 edx=0x00000024 esi=0x000b20a8 edi=0x000c1220 eip=0x7c90e514 esp=0x0007fe18 ebp=0x0007ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825c8578 Pid: 4 Tid: 8 Tags: SystemThread Created: - Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrFreePage BasePriority: 0x0 Priority: 0x0 TEB: 0x00000000 StartAddress: 0x80686228 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80686228: 0000 ADD [EAX], AL 8068622a: 0000 ADD [EAX], AL 8068622c: 0000 ADD [EAX], AL 8068622e: 0000 ADD [EAX], AL 80686230: 0000 ADD [EAX], AL 80686232: 0000 ADD [EAX], AL 80686234: 0000 ADD [EAX], AL 80686236: 0000 ADD [EAX], AL 80686238: 0000 ADD [EAX], AL 8068623a: 0000 ADD [EAX], AL ------ ETHREAD: 0x82403168 Pid: 604 Tid: 672 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xe TEB: 0x7ffdc000 StartAddress: 0x75b6bebd ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe21906a0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000001 ecx=0x00000002 edx=0x00000003 esi=0x00000000 edi=0x00000003 eip=0x7c90e514 esp=0x004efd8c ebp=0x004efff4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00003246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02459310 Pid: 4 Tid: 1340 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f4b928 Pid: 1124 Tid: 1948 Tags: Created: 2012-06-29 14:17:28 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff86000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x774fe4ef ebx=0x00007530 ecx=0x7c910222 edx=0xffffffff esi=0x00001234 edi=0x00000000 eip=0x7c90e514 esp=0x0276ff28 ebp=0x0276ff8c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f2a880 Pid: 740 Tid: 764 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrQueue BasePriority: 0x9 Priority: 0xa TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7ffdc000 ebx=0x00000000 ecx=0x7c809a90 edx=0x00001002 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x006eff70 ebp=0x006effb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823a4888 Pid: 268 Tid: 296 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x823a7da0 'svchost.exe' Attached Process: 0x823a7da0 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77df848a ebx=0x00a9fed0 ecx=0x00000000 edx=0x00000011 esi=0x00000000 edi=0x7ffdb000 eip=0x7c90e514 esp=0x00a9fea8 ebp=0x00a9ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824c3da0 Pid: 420 Tid: 448 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x821013c0 'alg.exe' Attached Process: 0x821013c0 'alg.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000b8000 ebx=0x00000000 ecx=0x0098e2ac edx=0x00001000 esi=0x000a7db8 edi=0x000aa650 eip=0x7c90e514 esp=0x0098fe18 ebp=0x0098ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820ebc18 Pid: 980 Tid: 996 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7c910250 ebx=0x00000000 ecx=0x77dd84df edx=0x0066fa40 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x009bff70 ebp=0x009bffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825c5b20 Pid: 4 Tid: 20 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xd Priority: 0xd TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x820d28a0 Pid: 1208 Tid: 1868 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x000b6a58 edx=0xffffffff esi=0x000b59f0 edi=0x000b95e0 eip=0x7c90e514 esp=0x00b5fe18 ebp=0x00b5ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820ca8b0 Pid: 336 Tid: 1200 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x824fc928 'svchost.exe' Attached Process: 0x824fc928 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x0009ad08 edi=0x0009adac eip=0x7c90e514 esp=0x0088fe18 ebp=0x0088ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820ea6c8 Pid: 728 Tid: 900 Tags: Created: 2012-06-29 14:16:52 Exited: 2012-06-29 14:17:11 Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x5f771c49 ebx=0x02c2fed0 ecx=0x001974e0 edx=0x00000006 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x02c2fea8 ebp=0x02c2ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f3fda0 Pid: 684 Tid: 1564 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrQueue BasePriority: 0xd Priority: 0xe TEB: 0x7ff9e000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f791b8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x019eff70 ebp=0x019effb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x77de0023 es=0x77de0023 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824338b8 Pid: 1124 Tid: 1676 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffa8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x01deeda0 Pid: 4 Tid: 1884 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f318c0 Pid: 1124 Tid: 1052 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff80000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x01d32980 ebx=0x028ffee0 ecx=0x01d32980 edx=0x7c90e514 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x028ffeb8 ebp=0x028fff54 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8250a020 Pid: 728 Tid: 1632 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000007b8 ebx=0x000ac0bc ecx=0x7ffa9000 edx=0x0101b040 esi=0x000c2da0 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00c1ff70 ebp=0x00c1ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824cdc10 Pid: 1124 Tid: 1180 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff8a000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00140000 ebx=0x0252fed0 ecx=0x0252f6d8 edx=0x00001000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0252fea8 ebp=0x0252ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8204a020 Pid: 684 Tid: 712 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xd TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000102 ebx=0x00000000 ecx=0x00aefe18 edx=0x7c90e514 esi=0x00086d48 edi=0x00086dec eip=0x7c90e514 esp=0x00aefe18 ebp=0x00aeff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8239ed78 Pid: 1124 Tid: 1628 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff84000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x5ba18f3c ebx=0x027afee0 ecx=0x00000000 edx=0x00000000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x027afeb8 ebp=0x027aff54 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82107980 Pid: 1124 Tid: 1448 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff76000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000030 ebx=0x02cafeec ecx=0x02caeebc edx=0x019c4e58 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x02cafec4 ebp=0x02caff60 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82395da0 Pid: 1124 Tid: 868 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0x9 TEB: 0x7ff88000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7509a6d0 ebx=0x750a4db0 ecx=0x00000002 edx=0x00000000 esi=0x00000001 edi=0x00000000 eip=0x7c90e514 esp=0x025afde8 ebp=0x025aff34 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820768d8 Pid: 4 Tid: 292 Tags: SystemThread Created: 2012-06-29 14:16:49 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Suspended BasePriority: 0x8 Priority: 0x9 TEB: 0x00000000 StartAddress: 0xf7b5b086 USBPORT.SYS ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f7b5b086: 8bff MOV EDI, EDI f7b5b088: 55 PUSH EBP f7b5b089: 8bec MOV EBP, ESP f7b5b08b: 83ec18 SUB ESP, 0x18 f7b5b08e: 8b4508 MOV EAX, [EBP+0x8] f7b5b091: 53 PUSH EBX f7b5b092: 56 PUSH ESI f7b5b093: 8b7028 MOV ESI, [EAX+0x28] f7b5b096: e88f5b0100 CALL 0xf7b70c2a f7b5b09b: 89 DB 0x89 ------ ETHREAD: 0x824bca48 Pid: 1124 Tid: 1980 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff81000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x74f0742e ebx=0x0293fce4 ecx=0x0000007e edx=0x7c910222 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0293fcbc ebp=0x0293fd58 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824b68e8 Pid: 1168 Tid: 1172 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823bd2b0 'svchost.exe' Attached Process: 0x823bd2b0 'svchost.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdd000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1c466a8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77de2084 ebx=0x00000000 ecx=0x0007fd90 edx=0x00000025 esi=0x00000000 edi=0x00000070 eip=0x7c90e514 esp=0x0007fc48 ebp=0x0007fcb0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82375b20 Pid: 1124 Tid: 1756 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x6 Priority: 0x6 TEB: 0x7ff9f000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x81f3cda0 Pid: 728 Tid: 1184 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:Executive BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffad000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1c2d860 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x00b1fb20 ebp=0x00b1ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02399a78 Pid: 4 Tid: 1156 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82486720 Pid: 684 Tid: 724 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrQueue BasePriority: 0xd Priority: 0xe TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000025 ebx=0x00007530 ecx=0x77e71378 edx=0x75951570 esi=0x00087f50 edi=0x00000000 eip=0x7c90e514 esp=0x00bafeac ebp=0x00bafed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823fd100 Pid: 4 Tid: 348 Tags: SystemThread Created: 2012-06-29 14:16:49 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf8379038 rasacd.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f8379038: 51 PUSH ECX f8379039: 51 PUSH ECX f837903a: 53 PUSH EBX f837903b: 55 PUSH EBP f837903c: 56 PUSH ESI f837903d: 57 PUSH EDI f837903e: ff35109337f8 PUSH DWORD [0xf8379310] f8379044: ff15549237f8 CALL DWORD [0xf8379254] f837904a: bd549337f8 MOV EBP, 0xf8379354 f837904f: 33 DB 0x33 ------ ETHREAD: 0x823a7980 Pid: 1956 Tid: 2044 Tags: Created: 2012-06-29 14:16:56 Exited: - Owning Process: 0x81f2d308 'rundll32.exe' Attached Process: 0x81f2d308 'rundll32.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x01f5a980 Pid: 1124 Tid: 964 Tags: ScannerOnly Created: 2012-06-29 14:17:11 Exited: 2012-06-29 14:17:37 Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED ------ ETHREAD: 0x8237e410 Pid: 1168 Tid: 496 Tags: Created: 2012-06-29 14:17:23 Exited: - Owning Process: 0x823bd2b0 'svchost.exe' Attached Process: 0x823bd2b0 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e71378 ebx=0x00000000 ecx=0x00000017 edx=0x77e71378 esi=0x000a0e38 edi=0x000a1538 eip=0x7c90e514 esp=0x0066fe18 ebp=0x0066ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8207f908 Pid: 684 Tid: 736 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xd TEB: 0x7ffd7000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1c3a440 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x00befc7c edx=0x7c90e514 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x00befcec ebp=0x00beffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824a6698 Pid: 740 Tid: 1104 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ff9f000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00ebfeec ecx=0x00bafc70 edx=0x003659f0 esi=0x00000000 edi=0x7ffda000 eip=0x7c90e514 esp=0x00ebfec4 ebp=0x00ebff60 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82458110 Pid: 684 Tid: 1416 Tags: Created: 2012-06-29 14:16:53 Exited: 2012-06-29 14:17:19 Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Terminated BasePriority: 0xd Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x75bb29db ebx=0x00000000 ecx=0x00abf1a8 edx=0x00abef70 esi=0x00000000 edi=0x00eefe48 eip=0x7c90e514 esp=0x00eefe18 ebp=0x00eefe70 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823609a0 Pid: 4 Tid: 316 Tags: SystemThread Created: 2012-06-29 14:16:49 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf7bcc6c4 parport.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f7bcc6c4: 8bff MOV EDI, EDI f7bcc6c6: 55 PUSH EBP f7bcc6c7: 8bec MOV EBP, ESP f7bcc6c9: 83ec20 SUB ESP, 0x20 f7bcc6cc: 53 PUSH EBX f7bcc6cd: 56 PUSH ESI f7bcc6ce: 8b7508 MOV ESI, [EBP+0x8] f7bcc6d1: 57 PUSH EDI f7bcc6d2: 33db XOR EBX, EBX f7bcc6d4: 381dac94bdf7 CMP [0xf7bd94ac], BL ------ ETHREAD: 0x8240c020 Pid: 740 Tid: 852 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrQueue BasePriority: 0x9 Priority: 0xa TEB: 0x7ffaa000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1c83eb0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00007530 ecx=0x744439f4 edx=0x00000008 esi=0x000b1088 edi=0x00000000 eip=0x7c90e514 esp=0x00b6feac ebp=0x00b6fed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824a6918 Pid: 740 Tid: 1100 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa0000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77c3a341 ebx=0x00e7fe28 ecx=0x00bafc70 edx=0x003659f0 esi=0x00000000 edi=0x7ffda000 eip=0x7c90e514 esp=0x00e7fe00 ebp=0x00e7fe9c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82102488 Pid: 1452 Tid: 372 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00001661 ebx=0x00007530 ecx=0x00000558 edx=0x000bc6b0 esi=0x00000358 edi=0x00000000 eip=0x7c90e514 esp=0x00fbff28 ebp=0x00fbff8c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02106da0 Pid: 1124 Tid: 1436 Tags: ScannerOnly Created: 2012-06-29 14:17:19 Exited: 2012-06-29 14:17:46 Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x5ba18f3c ebx=0x027afee0 ecx=0x00000000 edx=0x00000000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x027afeb8 ebp=0x027aff54 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02106b20 Pid: 4 Tid: 468 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x825c5120 Pid: 4 Tid: 36 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xc Priority: 0xc TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x82472928 Pid: 728 Tid: 1108 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0xa TEB: 0x7ffa2000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00dde3c8 ebx=0x000ac0bc ecx=0x00dde438 edx=0x7ffffff0 esi=0x000d3fb0 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00ddff70 ebp=0x00ddff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f84990 Pid: 4 Tid: 576 Tags: SystemThread Created: 2012-06-29 14:16:51 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf35ae210 bthport.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f35ae210: 8bff MOV EDI, EDI f35ae212: 55 PUSH EBP f35ae213: 8bec MOV EBP, ESP f35ae215: 81ecb4000000 SUB ESP, 0xb4 f35ae21b: 57 PUSH EDI f35ae21c: 8b4508 MOV EAX, [EBP+0x8] f35ae21f: 89856cffffff MOV [EBP-0x94], EAX f35ae225: c7 DB 0xc7 f35ae226: 85 DB 0x85 f35ae227: 58 POP EAX ------ ETHREAD: 0x81f60da0 Pid: 728 Tid: 228 Tags: Created: 2012-06-29 14:17:01 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa6000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0000004c ebx=0x000ac0bc ecx=0x00cde898 edx=0x0101b040 esi=0x000b7070 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00cdff70 ebp=0x00cdff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f27ae0 Pid: 728 Tid: 1784 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0000000e ebx=0x000ac0bc ecx=0x00000010 edx=0x000197f8 esi=0x000c9df8 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00c5ff70 ebp=0x00c5ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f4ec10 Pid: 4 Tid: 1292 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x820e0948 Pid: 1636 Tid: 224 Tags: Created: 2012-06-29 14:17:00 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:UserRequest BasePriority: 0xf Priority: 0xf TEB: 0x7ffab000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x72d230e8 ebx=0x020ffef8 ecx=0x00000001 edx=0x000002cd esi=0x00000000 edi=0x7ffd5000 eip=0x7c90e514 esp=0x020ffed0 ebp=0x020fff6c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x024be950 Pid: 4 Tid: 784 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824aec38 Pid: 916 Tid: 936 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x82388980 Pid: 1208 Tid: 1212 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1e05008 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000a0590 ebx=0x00000000 ecx=0x77de6f9e edx=0x00000000 esi=0x00000000 edi=0x000000bc eip=0x7c90e514 esp=0x0007fc48 ebp=0x0007fcb0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82116958 Pid: 552 Tid: 560 Tags: Created: 2012-06-29 14:16:50 Exited: - Owning Process: 0x82388020 'smss.exe' Attached Process: 0x82388020 'smss.exe' State: Waiting:WrLpcReceive BasePriority: 0xb Priority: 0xc TEB: 0x7ffdc000 StartAddress: 0x485893b2 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x0000000c ecx=0x00000002 edx=0x00000003 esi=0x002afea8 edi=0x00000000 eip=0x7c90e514 esp=0x002afe50 ebp=0x002afff4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820eca80 Pid: 980 Tid: 1000 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x009ffcec ebp=0x009fffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x90023 es=0x9f0023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820657e8 Pid: 1452 Tid: 1456 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:WrUserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2231450 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x0007fee4 edx=0x00000000 esi=0x0007fe5c edi=0x00000000 eip=0x7c90e514 esp=0x0007fe20 ebp=0x0007fe3c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f5c990 Pid: 336 Tid: 1240 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x824fc928 'svchost.exe' Attached Process: 0x824fc928 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000a4c48 ebx=0x00000000 ecx=0x0000e20e edx=0x00000003 esi=0x0009ad08 edi=0x0009adac eip=0x7c90e514 esp=0x0066fe18 ebp=0x0066ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f39da0 Pid: 740 Tid: 860 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000801 ebx=0x7c9010e0 ecx=0x00000810 edx=0x0001b9b9 esi=0x00000338 edi=0x00000000 eip=0x7c90e514 esp=0x00befeb4 ebp=0x00beff18 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82044da0 Pid: 1208 Tid: 208 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x765e721f ebx=0x00b9fef0 ecx=0x7c91019b edx=0x7c910222 esi=0x00000000 edi=0x7ffd6000 eip=0x7c90e514 esp=0x00b9fec8 ebp=0x00b9ff64 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824cea78 Pid: 728 Tid: 396 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x000ac0bc ecx=0x00000000 edx=0x00c9f8f4 esi=0x000cf140 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00d1ff70 ebp=0x00d1ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02104970 Pid: 168 Tid: 1864 Tags: ScannerOnly Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x82033868 'ipconfig.exe' Attached Process: 0x82033868 'ipconfig.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED ------ ETHREAD: 0x022c7da0 Pid: 4 Tid: 1336 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x022bdda0 Pid: 4 Tid: 1600 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8242c978 Pid: 1124 Tid: 1492 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffad000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x824ba980 Pid: 4 Tid: 144 Tags: SystemThread Created: 2012-06-29 14:16:48 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf7aff658 rdpdr.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f7aff658: 8bff MOV EDI, EDI f7aff65a: 55 PUSH EBP f7aff65b: 8bec MOV EBP, ESP f7aff65d: 6a00 PUSH 0x0 f7aff65f: ff7508 PUSH DWORD [EBP+0x8] f7aff662: e84998feff CALL 0xf7ae8eb0 f7aff667: 5d POP EBP f7aff668: c20400 RET 0x4 f7aff66b: cc INT 3 f7aff66c: cc INT 3 ------ ETHREAD: 0x820e0da0 Pid: 728 Tid: 524 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa3000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x000ac0bc ecx=0x00000000 edx=0x00d1f8e0 esi=0x000d0dc8 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00d9ff70 ebp=0x00d9ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820ce990 Pid: 1972 Tid: 1376 Tags: Created: 2012-06-29 14:17:12 Exited: - Owning Process: 0x81f62da0 'vmtoolsd.exe' Attached Process: 0x81f62da0 'vmtoolsd.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77df848a ebx=0x020efed0 ecx=0x00000000 edx=0x00000011 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x020efea8 ebp=0x020eff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825c5da0 Pid: 4 Tid: 16 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xd Priority: 0xd TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x81f77b20 Pid: 1124 Tid: 1140 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1cbaeb0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x02f31f10 ebx=0x00000000 ecx=0x02f31e90 edx=0x00000000 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x009bff70 ebp=0x009bffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x9b0023 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824fe9a0 Pid: 4 Tid: 120 Tags: SystemThread Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x9 Priority: 0x9 TEB: 0x00000000 StartAddress: 0xf2df4024 srv.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_HARD_ERRORS_DISABLED|PS_CROSS_THREAD_FLAGS_SYSTEM f2df4024: 8bff MOV EDI, EDI f2df4026: 55 PUSH EBP f2df4027: 8bec MOV EBP, ESP f2df4029: 83ec10 SUB ESP, 0x10 f2df402c: 53 PUSH EBX f2df402d: 33c0 XOR EAX, EAX f2df402f: 56 PUSH ESI f2df4030: 8b7508 MOV ESI, [EBP+0x8] f2df4033: 33c9 XOR ECX, ECX f2df4035: 81fe601fdff2 CMP ESI, 0xf2df1f60 ------ ETHREAD: 0x820a92f0 Pid: 740 Tid: 1400 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000801 ebx=0x00000000 ecx=0x00000810 edx=0x0001d751 esi=0xff676980 edi=0x7c90d93e eip=0x7c90e514 esp=0x00cbff6c ebp=0x00cbffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824cd790 Pid: 980 Tid: 280 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00bef120 ebx=0x00000000 ecx=0x00000000 edx=0x00092f48 esi=0x0009bd78 edi=0x00000100 eip=0x7c90e514 esp=0x00befe18 ebp=0x00beff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f4d1f8 Pid: 4 Tid: 1604 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824f89a8 Pid: 1124 Tid: 1480 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff8b000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x776c3ab8 ebx=0x7c901000 ecx=0x00000000 edx=0x00000000 esi=0x00001088 edi=0x00000000 eip=0x7c90e514 esp=0x0238ff20 ebp=0x0238ff84 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824a1da0 Pid: 684 Tid: 596 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xd TEB: 0x7ffa7000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x77de0b6a edx=0x00000048 esi=0x00e46200 edi=0x00e462a4 eip=0x7c90e514 esp=0x0149fe18 ebp=0x0149ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824951b8 Pid: 684 Tid: 1592 Tags: Created: 2012-06-29 14:16:53 Exited: 2012-06-29 14:17:21 Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Terminated BasePriority: 0xd Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED ------ ETHREAD: 0x02397158 Pid: 4 Tid: 452 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82488da0 Pid: 728 Tid: 808 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0xffffffff edx=0x00097a80 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x0066fcec ebp=0x0066ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f5fc10 Pid: 336 Tid: 428 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x824fc928 'svchost.exe' Attached Process: 0x824fc928 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000001 ebx=0x006efef4 ecx=0x01cd5601 edx=0x01cd5601 esi=0x00000000 edi=0x7ffd8000 eip=0x7c90e514 esp=0x006efecc ebp=0x006eff68 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8235c020 Pid: 684 Tid: 716 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:DelayExecution BasePriority: 0xd Priority: 0xd TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x4390d96e edx=0x0006f468 esi=0x00000003 edi=0x00000000 eip=0x7c90e514 esp=0x00b2ff9c ebp=0x00b2ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823941d0 Pid: 1736 Tid: 800 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd7000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x0000ffff edx=0x00e94500 esi=0x000b5200 edi=0x00000100 eip=0x7c90e514 esp=0x00a7fe18 ebp=0x00a7ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x024bc5d0 Pid: 4 Tid: 192 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8239ba48 Pid: 916 Tid: 1804 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffaa000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00007530 ecx=0x00b6fdec edx=0x00000000 esi=0x00000012 edi=0x00000000 eip=0x7c90e514 esp=0x00e5feac ebp=0x00e5fed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x020fe528 Pid: 4 Tid: 1068 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x820705a8 Pid: 684 Tid: 960 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xd TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x0246fa78 Pid: 728 Tid: 1236 Tags: ScannerOnly Created: 2012-06-29 14:17:11 Exited: 2012-06-29 14:17:41 Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Terminated BasePriority: 0x9 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00defed0 ecx=0x00000000 edx=0x00000011 esi=0x00000000 edi=0x7ffdd000 eip=0x7c90e514 esp=0x00defea8 ebp=0x00deff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8248a8b0 Pid: 1124 Tid: 128 Tags: Created: 2012-06-29 14:17:20 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff69000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00155a60 edx=0x00000018 esi=0x0013ff00 edi=0x02f715f0 eip=0x7c90e514 esp=0x0317fe18 ebp=0x0317ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x821139f0 Pid: 604 Tid: 188 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:WrUserRequest BasePriority: 0xd Priority: 0xf TEB: 0x7ffd5000 StartAddress: 0x75b61e82 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe211a6a8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x7ffd5000 edx=0x004f23b0 esi=0x0123ffac edi=0x0008013f eip=0x7c90e514 esp=0x0123ff50 ebp=0x0123ff6c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00003246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824d11a8 Pid: 728 Tid: 184 Tags: Created: 2012-06-29 14:16:56 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ffa7000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a999 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00000412 edx=0x00c9f8f8 esi=0x000a6820 edi=0x000d9d08 eip=0x7c90e514 esp=0x00c9fe18 ebp=0x00c9ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823acda0 Pid: 1124 Tid: 1704 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffa7000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1c2d6a8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0198e000 ebx=0x017bfdd4 ecx=0x017bf4f8 edx=0x00001000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x017bfdac ebp=0x017bfe48 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825c4620 Pid: 4 Tid: 56 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xc Priority: 0xc TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x81f521f8 Pid: 916 Tid: 1556 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x00000ef0 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00cffe60 ebx=0x00000000 ecx=0x00cffdf8 edx=0x7c90e514 esi=0x761330a0 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00cffe6c ebp=0x00cfffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000296 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8248b700 Pid: 1124 Tid: 1132 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a862 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000a8000 ebx=0x77df3251 ecx=0x0093fac8 edx=0x00001000 esi=0x000a17a8 edi=0x000a0214 eip=0x7c90e514 esp=0x0093fe04 ebp=0x0093ff34 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f3f020 Pid: 552 Tid: 556 Tags: Created: 2012-06-29 14:16:50 Exited: - Owning Process: 0x82388020 'smss.exe' Attached Process: 0x82388020 'smss.exe' State: Waiting:UserRequest BasePriority: 0xb Priority: 0xb TEB: 0x7ffdd000 StartAddress: 0x4858a4c8 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x023a1460 Pid: 4 Tid: 1548 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x023975d0 Pid: 4 Tid: 1708 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824f9650 Pid: 1124 Tid: 1464 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff75000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x4c0a4c28 ebx=0x02cefed0 ecx=0x00003000 edx=0x00000018 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x02cefea8 ebp=0x02ceff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8250e020 Pid: 604 Tid: 692 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xe TEB: 0x7ffde000 StartAddress: 0x75b4461c Win32StartAddress: 0x0000a9b2 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1955358 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0000003a ebx=0x7c901000 ecx=0x0000000d edx=0x00000018 esi=0x00000000 edi=0x75b489a0 eip=0x7c90e514 esp=0x006afec8 ebp=0x006afff4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00003296 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823a3a20 Pid: 728 Tid: 1368 Tags: Created: 2012-06-29 14:17:12 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ff9e000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00000412 edx=0x00edf8f8 esi=0x000a6820 edi=0x000d9570 eip=0x7c90e514 esp=0x00edfe18 ebp=0x00edff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x7dbb0023 es=0xed0023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824ce228 Pid: 1124 Tid: 412 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff97000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x00000c7c ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe20d68c8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x026f0000 ebx=0x01edfe00 ecx=0x01edfcb4 edx=0x7c90e514 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x01edfdd8 ebp=0x01edfe74 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820cada0 Pid: 1124 Tid: 1060 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff7e000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f882e8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7529e418 ebx=0x0297fde8 ecx=0x0276fe0c edx=0x7c9101db esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0297fdc0 ebp=0x0297fe5c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820ed230 Pid: 980 Tid: 984 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe196bba0 CrossThreadFlags: ------ ETHREAD: 0x820e2da0 Pid: 1208 Tid: 1276 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x00acfcec ebp=0x00acffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824ad238 Pid: 604 Tid: 748 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:WrUserRequest BasePriority: 0xd Priority: 0xe TEB: 0x7ffd7000 StartAddress: 0x75b67cdf ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe164f2d8 CrossThreadFlags: ------ ETHREAD: 0x81f79460 Pid: 1168 Tid: 1248 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x823bd2b0 'svchost.exe' Attached Process: 0x823bd2b0 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x8251d020 Pid: 740 Tid: 836 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffae000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000058 ebx=0x7c9010e0 ecx=0x00a69c50 edx=0x00700002 esi=0x000000bc edi=0x00000000 eip=0x7c90e514 esp=0x00a6feb4 ebp=0x00a6ff18 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824d8248 Pid: 728 Tid: 1612 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffaa000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00001003 ebx=0x000ac0bc ecx=0x00001010 edx=0x0006ea96 esi=0x000c67b8 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00bdff70 ebp=0x00bdff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82048250 Pid: 740 Tid: 792 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0xa TEB: 0x7ffd7000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77df848a ebx=0x0090fed0 ecx=0x00000000 edx=0x00000011 esi=0x00000000 edi=0x7ffda000 eip=0x7c90e514 esp=0x0090fea8 ebp=0x0090ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8204a980 Pid: 684 Tid: 1312 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xb Priority: 0xb TEB: 0x7ffa9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x824a31a0 Pid: 684 Tid: 216 Tags: Created: 2012-06-29 14:17:03 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0x1 Priority: 0x1 TEB: 0x7ffac000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x769d3c11 ebx=0x0119fe28 ecx=0x00070000 edx=0x000706e8 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0119fe00 ebp=0x0119fe9c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823bba48 Pid: 1124 Tid: 1796 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff9e000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000204 ebx=0x00000000 ecx=0x7c809ad6 edx=0x000cf3d8 esi=0x000d6558 edi=0x000d65fc eip=0x7c90e514 esp=0x01b7fe18 ebp=0x01b7ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823c0a58 Pid: 1208 Tid: 456 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00007530 ecx=0x009cfe0c edx=0x00000000 esi=0x0009f250 edi=0x00000000 eip=0x7c90e514 esp=0x00a0feac ebp=0x00a0fed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82374b10 Pid: 740 Tid: 756 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:Executive BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e887da ebx=0x00000000 ecx=0x000c5530 edx=0x00870002 esi=0x00000000 edi=0x00000090 eip=0x7c90e514 esp=0x0066fc38 ebp=0x0066fca0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82389268 Pid: 684 Tid: 952 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xe TEB: 0x7ffd5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00e31000 ebx=0x00000002 ecx=0x00edfb98 edx=0x00001000 esi=0x76c629b8 edi=0x00000000 eip=0x7c90e514 esp=0x00edff64 ebp=0x00edffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82043a70 Pid: 980 Tid: 1688 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd6000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000de000 ebx=0x000995f4 ecx=0x00b2f110 edx=0x00001000 esi=0x000b7260 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00b2ff70 ebp=0x00b2ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02058768 Pid: 4 Tid: 1668 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x823a2a78 Pid: 916 Tid: 300 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd6000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x00adfca4 edx=0x000000f4 esi=0x000a02e8 edi=0x00000100 eip=0x7c90e514 esp=0x00b1fe18 ebp=0x00b1ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825bfda0 Pid: 4 Tid: 80 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x8053c2d0 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 8053c2d0: 8bff MOV EDI, EDI 8053c2d2: 55 PUSH EBP 8053c2d3: 8bec MOV EBP, ESP 8053c2d5: 83ec60 SUB ESP, 0x60 8053c2d8: 53 PUSH EBX 8053c2d9: 56 PUSH ESI 8053c2da: 57 PUSH EDI 8053c2db: 64a124010000 MOV EAX, [FS:0x124] 8053c2e1: 6a10 PUSH 0x10 8053c2e3: 50 PUSH EAX ------ ETHREAD: 0x82386a80 Pid: 980 Tid: 992 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x77dd8834 edx=0x77e462f8 esi=0x00000000 edi=0x0066fa20 eip=0x7c90e514 esp=0x0097ff9c ebp=0x0097ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x020fc8b0 Pid: 4 Tid: 1036 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8204ba90 Pid: 1124 Tid: 1128 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffde000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1ca5eb0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x7db8cc90 edx=0x0000008b esi=0x00000000 edi=0x000000c4 eip=0x7c90e514 esp=0x0007fc48 ebp=0x0007fcb0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824c7da0 Pid: 1452 Tid: 1584 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x774fe4ef ebx=0x00007530 ecx=0x7ffd7000 edx=0x00000000 esi=0x00000000 edi=0x00bdff50 eip=0x7c90e514 esp=0x00bdff20 ebp=0x00bdff78 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f27da0 Pid: 1124 Tid: 1780 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff9d000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000204 ebx=0x00000000 ecx=0x7c809ad6 edx=0x000dd3d0 esi=0x000d6558 edi=0x000d65fc eip=0x7c90e514 esp=0x01bffe18 ebp=0x01bfff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824743c0 Pid: 1124 Tid: 520 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff96000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x7c80ae90 edx=0x01fffb00 esi=0x000fd4d8 edi=0x000fd57c eip=0x7c90e514 esp=0x01f1fe18 ebp=0x01f1ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825c3da0 Pid: 4 Tid: 68 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0xe Priority: 0xe TEB: 0x00000000 StartAddress: 0x8060b32c ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 8060b32c: 8bff MOV EDI, EDI 8060b32e: 55 PUSH EBP 8060b32f: 8bec MOV EBP, ESP 8060b331: 83ec34 SUB ESP, 0x34 8060b334: 53 PUSH EBX 8060b335: 56 PUSH ESI 8060b336: 57 PUSH EDI 8060b337: 64a124010000 MOV EAX, [FS:0x124] 8060b33d: 6a06 PUSH 0x6 8060b33f: 50 PUSH EAX ------ ETHREAD: 0x81f22b20 Pid: 1208 Tid: 376 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a79d ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00bdf818 ecx=0x003c3a20 edx=0x00000000 esi=0x00000000 edi=0x7ffd6000 eip=0x7c90e514 esp=0x00bdf7f0 ebp=0x00bdf88c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8209e020 Pid: 1636 Tid: 220 Tags: Created: 2012-06-29 14:17:00 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffae000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe212d008 CrossThreadFlags: ------ ETHREAD: 0x824fe2c8 Pid: 336 Tid: 384 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x824fc928 'svchost.exe' Attached Process: 0x824fc928 'svchost.exe' State: Waiting:WrUserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe21039c8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x4c07184c ecx=0x006aff2c edx=0x00840000 esi=0x006aff98 edi=0x7e4191c6 eip=0x7c90e514 esp=0x006aff28 ebp=0x006aff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x020ae2d8 Pid: 4 Tid: 476 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:16:49 Exited: 2012-06-29 14:16:49 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f7cae0 Pid: 1124 Tid: 1716 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0xa TEB: 0x7ffa6000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x017bfddc edx=0x00000000 esi=0x000db978 edi=0x00000100 eip=0x7c90e514 esp=0x0187fe18 ebp=0x0187ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820675d0 Pid: 268 Tid: 324 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x823a7da0 'svchost.exe' Attached Process: 0x823a7da0 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0xffffffff ecx=0x0093fdf0 edx=0x00000000 esi=0x0009f250 edi=0x00000000 eip=0x7c90e514 esp=0x00b9feac ebp=0x00b9fed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82044620 Pid: 1452 Tid: 1532 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77df848a ebx=0x00ebfed0 ecx=0x00000000 edx=0x00000011 esi=0x00000000 edi=0x7ffd7000 eip=0x7c90e514 esp=0x00ebfea8 ebp=0x00ebff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820352e8 Pid: 1208 Tid: 1536 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x00000000 edx=0x7c97e214 esi=0x7c915bbd edi=0x00000001 eip=0x7c90e514 esp=0x00a4ff9c ebp=0x00a4ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820fada0 Pid: 684 Tid: 180 Tags: Created: 2012-06-29 14:17:41 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xd TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x0149fad0 edx=0x00175010 esi=0x00e46200 edi=0x00000100 eip=0x7c90e514 esp=0x00a6fe18 ebp=0x00a6ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823ac2f0 Pid: 1636 Tid: 1700 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:WrUserRequest BasePriority: 0x9 Priority: 0xd TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1d18008 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000001 ebx=0x7e42929a ecx=0x00000019 edx=0x00000002 esi=0x010460f8 edi=0x00000000 eip=0x7c90e514 esp=0x00eeff14 ebp=0x00eeff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x0205bd80 Pid: 4 Tid: 976 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824f91d0 Pid: 528 Tid: 1404 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x81f5e478 'vmtoolsd.exe' Attached Process: 0x81f5e478 'vmtoolsd.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xd TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a909 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00181998 ebx=0x00000000 ecx=0x00000000 edx=0x00000002 esi=0x00166ee8 edi=0x00000100 eip=0x7c90e514 esp=0x0216fe18 ebp=0x0216ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f36620 Pid: 1452 Tid: 204 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd6000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000d7000 ebx=0x00007530 ecx=0x00d1fcac edx=0x00001000 esi=0x00000270 edi=0x00000000 eip=0x7c90e514 esp=0x00d1ff28 ebp=0x00d1ff8c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824562f8 Pid: 604 Tid: 680 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xe TEB: 0x7ffda000 StartAddress: 0x75b43b3a ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x020fdd78 Pid: 4 Tid: 1600 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f22480 Pid: 1124 Tid: 1320 Tags: Created: 2012-06-29 14:17:21 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0xa TEB: 0x7ff94000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2217358 CrossThreadFlags: Eip: 0x7c90e514 eax=0x774e6228 ebx=0x00000000 ecx=0x774e5128 edx=0x00000004 esi=0x000c5150 edi=0x00000100 eip=0x7c90e514 esp=0x01fffe18 ebp=0x01ffff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825c2308 Pid: 4 Tid: 72 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrVirtualMemory BasePriority: 0x8 Priority: 0x12 TEB: 0x00000000 StartAddress: 0x80509590 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80509590: 8bff MOV EDI, EDI 80509592: 55 PUSH EBP 80509593: 8bec MOV EBP, ESP 80509595: 51 PUSH ECX 80509596: 51 PUSH ECX 80509597: 53 PUSH EBX 80509598: 56 PUSH ESI 80509599: 57 PUSH EDI 8050959a: 64a124010000 MOV EAX, [FS:0x124] 805095a0: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82402da0 Pid: 604 Tid: 676 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xe TEB: 0x7ffdb000 StartAddress: 0x75b4461c Win32StartAddress: 0x0000a9b1 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe18c4898 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0000003a ebx=0x7c901000 ecx=0x00000009 edx=0x00000018 esi=0x00000000 edi=0x75b489a0 eip=0x7c90e514 esp=0x0053fec8 ebp=0x0053fff4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00003246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823acb10 Pid: 1636 Tid: 1696 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x824c4da0 Pid: 1452 Tid: 1560 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x5f771c49 ebx=0x00a4fed0 ecx=0x005c0032 edx=0x00000006 esi=0x00000000 edi=0x7ffd7000 eip=0x7c90e514 esp=0x00a4fea8 ebp=0x00a4ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824cd318 Pid: 268 Tid: 320 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x823a7da0 'svchost.exe' Attached Process: 0x823a7da0 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000b0000 ebx=0x00000000 ecx=0x00b5fcd8 edx=0x00002000 esi=0x00000000 edi=0x00000000 eip=0x7c90e514 esp=0x00b5fee4 ebp=0x00b5ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825c4b20 Pid: 4 Tid: 48 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xc Priority: 0xc TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x820e4328 Pid: 1736 Tid: 244 Tags: Created: 2012-06-29 14:17:23 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00a2fe28 ebx=0x00000000 ecx=0x0009dc04 edx=0x0009db78 esi=0x0009b170 edi=0x0009de20 eip=0x7c90e514 esp=0x00a2fe18 ebp=0x00a2ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8206bda0 Pid: 1972 Tid: 1976 Tags: Created: 2012-06-29 14:16:56 Exited: - Owning Process: 0x81f62da0 'vmtoolsd.exe' Attached Process: 0x81f62da0 'vmtoolsd.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffde000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1e54580 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0012faa0 ebx=0x00196ed8 ecx=0x00000004 edx=0x00000000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0012fae4 ebp=0x0012fb80 err=0x00000000 cs=0x1b ss=0x23 ds=0x250023 es=0x250023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f96c88 Pid: 4 Tid: 116 Tags: SystemThread Created: 2012-06-29 14:16:46 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x822c4da0 Pid: 1736 Tid: 1460 Tags: Created: 2012-06-29 14:17:23 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x75bb5c3a ebx=0x00000000 ecx=0x77de0b64 edx=0x00000000 esi=0x0000017c edi=0x00000000 eip=0x7c90e514 esp=0x00f2ff18 ebp=0x00f2ff7c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824cf558 Pid: 1124 Tid: 492 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff8e000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x021bfd7c ecx=0x021bfae8 edx=0x7c90e514 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x021bfd54 ebp=0x021bfdf0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01defda0 Pid: 4 Tid: 1668 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8205e340 Pid: 916 Tid: 1524 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffad000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x769c8607 ebx=0x00d9fed0 ecx=0x00d9ffb0 edx=0x7c90e514 esi=0x00000000 edi=0x7ffd7000 eip=0x7c90e514 esp=0x00d9fea8 ebp=0x00d9ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f1b5e0 Pid: 420 Tid: 460 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x821013c0 'alg.exe' Attached Process: 0x821013c0 'alg.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe226a6f0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000089 ebx=0x0066fed8 ecx=0x00000010 edx=0x0001578b esi=0x00000000 edi=0x7ffd9000 eip=0x7c90e514 esp=0x0066feb0 ebp=0x0066ff4c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824d2c10 Pid: 1124 Tid: 1232 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff89000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00155a60 edx=0x00000018 esi=0x0013ff00 edi=0x000f2a90 eip=0x7c90e514 esp=0x0256fe18 ebp=0x0256ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8244f020 Pid: 604 Tid: 696 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:WrUserRequest BasePriority: 0xd Priority: 0xd TEB: 0x7ffd9000 StartAddress: 0x75b67cdf ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1908980 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000001 ecx=0x00000002 edx=0x00000003 esi=0x00164a00 edi=0x00000005 eip=0x7c90e514 esp=0x006effe4 ebp=0x00000000 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00003206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823c6348 Pid: 552 Tid: 564 Tags: Created: 2012-06-29 14:16:50 Exited: - Owning Process: 0x82388020 'smss.exe' Attached Process: 0x82388020 'smss.exe' State: Waiting:WrLpcReceive BasePriority: 0xb Priority: 0xc TEB: 0x7ffdb000 StartAddress: 0x485893b2 Win32StartAddress: 0x00000e74 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x0000000c ecx=0x00000002 edx=0x00000003 esi=0x002efea8 edi=0x00000000 eip=0x7c90e514 esp=0x002efe50 ebp=0x002efff4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02397a48 Pid: 4 Tid: 1884 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82046c88 Pid: 728 Tid: 884 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:WrQueue BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00007530 ecx=0xffff0000 edx=0x00094240 esi=0x000ac718 edi=0x00000000 eip=0x7c90e514 esp=0x0072feac ebp=0x0072fed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02396da0 Pid: 4 Tid: 1508 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8206b320 Pid: 1124 Tid: 584 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff91000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x0207faec edx=0x000ffb80 esi=0x001013b0 edi=0x00101454 eip=0x7c90e514 esp=0x020ffe18 ebp=0x020fff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8202b360 Pid: 1636 Tid: 1860 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x00eefbbc edx=0x00000000 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x00fafcec ebp=0x00faffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824f5490 Pid: 1636 Tid: 132 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0xb TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a98f ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2323008 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x000bbb90 edi=0x00000100 eip=0x7c90e514 esp=0x0182fe18 ebp=0x0182ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824ca368 Pid: 980 Tid: 1396 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffab000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00cef01c ebx=0x00000000 ecx=0x00090748 edx=0x00000012 esi=0x0009bd78 edi=0x00000100 eip=0x7c90e514 esp=0x00cefe18 ebp=0x00ceff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f52a78 Pid: 916 Tid: 1820 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffa7000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x769c8761 ebx=0x00f3fef4 ecx=0x7c91999c edx=0x00d9fca4 esi=0x00000000 edi=0x7ffd7000 eip=0x7c90e514 esp=0x00f3fecc ebp=0x00f3ff68 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824fd8b0 Pid: 1124 Tid: 744 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0x9 TEB: 0x7ff90000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7509a6d0 ebx=0x750a4db0 ecx=0x00000002 edx=0x00000000 esi=0x00000001 edi=0x00000000 eip=0x7c90e514 esp=0x0213fde8 ebp=0x0213ff34 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f21370 Pid: 1208 Tid: 2000 Tags: Created: 2012-06-29 14:17:19 Exited: 2012-06-29 14:17:20 Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x75bb29db ebx=0x00000000 ecx=0x00abf1a8 edx=0x00abef70 esi=0x00000000 edi=0x00eefe48 eip=0x7c90e514 esp=0x00eefe18 ebp=0x00eefe70 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824cc7e8 Pid: 728 Tid: 1196 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0xa TEB: 0x7ff9f000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x5f771d97 ebx=0x00e9fecc ecx=0x00e5fe8c edx=0x00000008 esi=0x00000000 edi=0x7ffdb000 eip=0x7c90e514 esp=0x00e9fea4 ebp=0x00e9ff40 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82046378 Pid: 728 Tid: 1144 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0xa TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000007b8 ebx=0x000ac0bc ecx=0x7ffaf000 edx=0x0101b040 esi=0x000c1a00 edi=0x7c9010e0 eip=0x7c90e514 esp=0x0097ff70 ebp=0x0097ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x024c1928 Pid: 1736 Tid: 2028 Tags: ScannerOnly Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED ------ ETHREAD: 0x81f85380 Pid: 1636 Tid: 1848 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x824b3740 Pid: 740 Tid: 844 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffac000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x020fc438 Pid: 4 Tid: 1040 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x822c1da0 Pid: 1736 Tid: 1500 Tags: Created: 2012-06-29 14:17:23 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffab000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x774fe4ef ebx=0x00007530 ecx=0x7ffda000 edx=0x00000000 esi=0x00000000 edi=0x0131ff50 eip=0x7c90e514 esp=0x0131ff20 ebp=0x0131ff78 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820644b0 Pid: 528 Tid: 1384 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x81f5e478 'vmtoolsd.exe' Attached Process: 0x81f5e478 'vmtoolsd.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xd TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f5a840 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0119fc1c ebx=0x00c3edf0 ecx=0xeca1722d edx=0x00d33ac0 esi=0x00000310 edi=0x00000000 eip=0x7c90e514 esp=0x0119fe34 ebp=0x0119fe98 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820fb390 Pid: 1124 Tid: 212 Tags: Created: 2012-06-29 14:17:28 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff85000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x774fe4ef ebx=0x00007530 ecx=0x00000010 edx=0x02eaed10 esi=0x00000d0c edi=0x00000000 eip=0x7c90e514 esp=0x029fff28 ebp=0x029fff8c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f3a5d0 Pid: 728 Tid: 892 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffd6000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x02100368 Pid: 4 Tid: 1944 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8246ab98 Pid: 4 Tid: 104 Tags: SystemThread Created: 2012-06-29 14:16:45 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf851f91e dmio.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f851f91e: 8bff MOV EDI, EDI f851f920: 55 PUSH EBP f851f921: 8bec MOV EBP, ESP f851f923: 51 PUSH ECX f851f924: 56 PUSH ESI f851f925: be884553f8 MOV ESI, 0xf8534588 f851f92a: 57 PUSH EDI f851f92b: 8bce MOV ECX, ESI f851f92d: ff15882b53f8 CALL DWORD [0xf8532b88] f851f933: 33ff XOR EDI, EDI ------ ETHREAD: 0x825c53a0 Pid: 4 Tid: 32 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xd Priority: 0xd TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x02068da0 Pid: 4 Tid: 1528 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8237fba8 Pid: 1124 Tid: 1720 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffa5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000401 ebx=0x00007530 ecx=0x00000410 edx=0x00028eaf esi=0x0009fc30 edi=0x00000000 eip=0x7c90e514 esp=0x018bfeac ebp=0x018bfed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8248bda0 Pid: 740 Tid: 824 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ffd5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x000b21f0 edx=0xffffffff esi=0x000b20a8 edi=0x000b25b8 eip=0x7c90e514 esp=0x009afe18 ebp=0x009aff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x0250cb48 Pid: 4 Tid: 1376 Tags: ScannerOnly Created: 2012-06-29 14:16:53 Exited: 2012-06-29 14:16:53 Owning Process: 0x0 '' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x8250c780 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: 8250c780: 4d DEC EBP 8250c781: 2d53454152 SUB EAX, 0x52414553 8250c786: 43 INC EBX 8250c787: 48 DEC EAX 8250c788: 202a AND [EDX], CH 8250c78a: 204854 AND [EAX+0x54], CL 8250c78d: 54 PUSH ESP 8250c78e: 50 PUSH EAX 8250c78f: 2f DAS 8250c790: 312e XOR [ESI], EBP ------ ETHREAD: 0x82375da0 Pid: 1124 Tid: 1752 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffa0000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a8f7 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe219d980 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7ffa0000 ebx=0x0009e64c ecx=0x7c809a90 edx=0x00001002 esi=0x000d9510 edi=0x7c9010e0 eip=0x7c90e514 esp=0x01afff70 ebp=0x01afff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x180023 es=0x7c910023 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824b1c18 Pid: 1124 Tid: 1228 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd7000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000002 ebx=0x00000000 ecx=0x7c91005d edx=0x04140010 esi=0x000b0838 edi=0x000aea68 eip=0x7c90e514 esp=0x00adfe18 ebp=0x00adff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f483b8 Pid: 728 Tid: 968 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffae000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x00000d73 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000fe ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x00987380 edi=0x00000001 eip=0x7c90e514 esp=0x00adff64 ebp=0x00adffb0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82473700 Pid: 980 Tid: 548 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffac000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000d6000 ebx=0x000995f4 ecx=0x00caf278 edx=0x00001000 esi=0x000cfcf8 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00caff70 ebp=0x00caff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823873c0 Pid: 1124 Tid: 1204 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a92e ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x001624c0 edx=0x00000000 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x00a4fcec ebp=0x00a4ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820f28a0 Pid: 4 Tid: 364 Tags: SystemThread Created: 2012-06-29 14:16:49 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf36908b1 rdbss.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f36908b1: 8bff MOV EDI, EDI f36908b3: 55 PUSH EBP f36908b4: 8bec MOV EBP, ESP f36908b6: 83ec10 SUB ESP, 0x10 f36908b9: 56 PUSH ESI f36908ba: e8e6000000 CALL 0xf36909a5 f36908bf: 8bf0 MOV ESI, EAX f36908c1: a1009169f3 MOV EAX, [0xf3699100] f36908c6: 6a00 PUSH 0x0 f36908c8: ff DB 0xff ------ ETHREAD: 0x823a6228 Pid: 336 Tid: 444 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x824fc928 'svchost.exe' Attached Process: 0x824fc928 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x00000d0c ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000022 ebx=0x00000000 ecx=0x77e71378 edx=0x77e87eb8 esi=0x0009ad08 edi=0x0009adac eip=0x7c90e514 esp=0x0082fe18 ebp=0x0082ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f50d78 Pid: 4 Tid: 1420 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x01dfa020 Pid: 4 Tid: 1344 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x0205b900 Pid: 1736 Tid: 1984 Tags: ScannerOnly Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED ------ ETHREAD: 0x820633d0 Pid: 1452 Tid: 1308 Tags: Created: 2012-06-29 14:17:21 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffae000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x46b6fdb9 ebx=0x00000001 ecx=0x7c910228 edx=0x7c90e920 esi=0x0000036c edi=0x00000000 eip=0x7c90e514 esp=0x00ffff18 ebp=0x00ffff7c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824a89f8 Pid: 1124 Tid: 1616 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffac000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x016bff70 ebp=0x016bffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x180023 es=0x7c910023 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820693e0 Pid: 1124 Tid: 512 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0xf Priority: 0xf TEB: 0x7ff8d000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x0223fe38 ecx=0x00001872 edx=0x00000000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0223fe10 ebp=0x0223feac err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02063a78 Pid: 4 Tid: 1216 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f3ada0 Pid: 916 Tid: 920 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1c392f0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0009e670 ebx=0x00000000 ecx=0x77de6f9e edx=0x00010000 esi=0x00000000 edi=0x000000bc eip=0x7c90e514 esp=0x0007fc48 ebp=0x0007fcb0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82108bb8 Pid: 916 Tid: 1588 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffae000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x00000f32 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000004 ebx=0x00000000 ecx=0x00d3fea8 edx=0x761330a0 esi=0x761330a0 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00d3fe6c ebp=0x00d3ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000296 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8210b1d0 Pid: 4 Tid: 264 Tags: SystemThread Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2eb1814 mrxdav.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f2eb1814: 8bff MOV EDI, EDI f2eb1816: 55 PUSH EBP f2eb1817: 8bec MOV EBP, ESP f2eb1819: 83ec10 SUB ESP, 0x10 f2eb181c: 56 PUSH ESI f2eb181d: e804d8ffff CALL 0xf2eaf026 f2eb1822: 8bf0 MOV ESI, EAX f2eb1824: a1004debf2 MOV EAX, [0xf2eb4d00] f2eb1829: 6a00 PUSH 0x0 f2eb182b: ff DB 0xff ------ ETHREAD: 0x022beda0 Pid: 4 Tid: 1708 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824bac00 Pid: 4 Tid: 140 Tags: SystemThread Created: 2012-06-29 14:16:48 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf7aff658 rdpdr.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f7aff658: 8bff MOV EDI, EDI f7aff65a: 55 PUSH EBP f7aff65b: 8bec MOV EBP, ESP f7aff65d: 6a00 PUSH 0x0 f7aff65f: ff7508 PUSH DWORD [EBP+0x8] f7aff662: e84998feff CALL 0xf7ae8eb0 f7aff667: 5d POP EBP f7aff668: c20400 RET 0x4 f7aff66b: cc INT 3 f7aff66c: cc INT 3 ------ ETHREAD: 0x823a4410 Pid: 4 Tid: 304 Tags: SystemThread Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2eaed14 mrxdav.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f2eaed14: 8bff MOV EDI, EDI f2eaed16: 55 PUSH EBP f2eaed17: 8bec MOV EBP, ESP f2eaed19: 51 PUSH ECX f2eaed1a: 51 PUSH ECX f2eaed1b: a1705febf2 MOV EAX, [0xf2eb5f70] f2eaed20: 53 PUSH EBX f2eaed21: 8b1d5c4bebf2 MOV EBX, [0xf2eb4b5c] f2eaed27: 56 PUSH ESI f2eaed28: 57 PUSH EDI ------ ETHREAD: 0x820cb320 Pid: 1636 Tid: 1876 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffd7000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2094008 CrossThreadFlags: Eip: 0x7c90e514 eax=0x01fe0010 ebx=0x016ffd58 ecx=0x08000000 edx=0x7c90e514 esi=0x00000000 edi=0x7ffd5000 eip=0x7c90e514 esp=0x016ffd30 ebp=0x016ffdcc err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8205fc10 Pid: 4 Tid: 1836 Tags: SystemThread Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2b27c60 HTTP.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_HARD_ERRORS_DISABLED|PS_CROSS_THREAD_FLAGS_SYSTEM f2b27c60: 8bff MOV EDI, EDI f2b27c62: 55 PUSH EBP f2b27c63: 8bec MOV EBP, ESP f2b27c65: 51 PUSH ECX f2b27c66: 51 PUSH ECX f2b27c67: 53 PUSH EBX f2b27c68: 56 PUSH ESI f2b27c69: 8b7508 MOV ESI, [EBP+0x8] f2b27c6c: 57 PUSH EDI f2b27c6d: 8b7e08 MOV EDI, [ESI+0x8] ------ ETHREAD: 0x820ce418 Pid: 4 Tid: 1880 Tags: SystemThread Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0xb Priority: 0xb TEB: 0x00000000 StartAddress: 0xf2b27c60 HTTP.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_HARD_ERRORS_DISABLED|PS_CROSS_THREAD_FLAGS_SYSTEM f2b27c60: 8bff MOV EDI, EDI f2b27c62: 55 PUSH EBP f2b27c63: 8bec MOV EBP, ESP f2b27c65: 51 PUSH ECX f2b27c66: 51 PUSH ECX f2b27c67: 53 PUSH EBX f2b27c68: 56 PUSH ESI f2b27c69: 8b7508 MOV ESI, [EBP+0x8] f2b27c6c: 57 PUSH EDI f2b27c6d: 8b7e08 MOV EDI, [ESI+0x8] ------ ETHREAD: 0x825ecb20 Pid: 4 Tid: 92 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x11 TEB: 0x00000000 StartAddress: 0x804eceec ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 804eceec: 8bff MOV EDI, EDI 804eceee: 55 PUSH EBP 804eceef: 8bec MOV EBP, ESP 804ecef1: 53 PUSH EBX 804ecef2: 56 PUSH ESI 804ecef3: 57 PUSH EDI 804ecef4: 64a124010000 MOV EAX, [FS:0x124] 804ecefa: 8b7508 MOV ESI, [EBP+0x8] 804ecefd: 8d4e10 LEA ECX, [ESI+0x10] 804ecf00: 51 PUSH ECX ------ ETHREAD: 0x824ebc20 Pid: 1636 Tid: 1644 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0xb TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x824fc4b0 Pid: 684 Tid: 588 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:DelayExecution BasePriority: 0xd Priority: 0xd TEB: 0x7ffa4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x774fe4ef ebx=0x00007530 ecx=0x7ffdf000 edx=0x00000000 esi=0x00000000 edi=0x0157ff50 eip=0x7c90e514 esp=0x0157ff20 ebp=0x0157ff78 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820a8c30 Pid: 740 Tid: 828 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x00000003 edx=0x7c910222 esi=0x000b2280 edi=0x000b2324 eip=0x7c90e514 esp=0x009efe18 ebp=0x009eff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824a6da0 Pid: 740 Tid: 1096 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0xb Priority: 0xb TEB: 0x7ffa1000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000055 ebx=0x00e3fde4 ecx=0x00000010 edx=0x001b21d1 esi=0x00000000 edi=0x7ffda000 eip=0x7c90e514 esp=0x00e3fdbc ebp=0x00e3fe58 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82060438 Pid: 1124 Tid: 1624 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff6f000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a98d ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2279858 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0011ef10 ebx=0x00000000 ecx=0x7c82ff9a edx=0x7ff6f000 esi=0x000cf988 edi=0x00000100 eip=0x7c90e514 esp=0x02e6fe18 ebp=0x02e6ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x150023 es=0x7c910023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x020582f0 Pid: 4 Tid: 1512 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8210f558 Pid: 2008 Tid: 2012 Tags: Created: 2012-06-29 14:16:56 Exited: - Owning Process: 0x824d1620 'ctfmon.exe' Attached Process: 0x824d1620 'ctfmon.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f3ccc0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00453480 ebx=0x000acf80 ecx=0x00450000 edx=0x10010348 esi=0x00000000 edi=0x7ffd9000 eip=0x7c90e514 esp=0x0007fc24 ebp=0x0007fcc0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824dab60 Pid: 1636 Tid: 1640 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:WrUserRequest BasePriority: 0x8 Priority: 0xc TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1c212d8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x02130000 ebx=0x00000003 ecx=0x00000004 edx=0x00000000 esi=0x000d3a98 edi=0x00000000 eip=0x7c90e514 esp=0x0007fef0 ebp=0x0007ff08 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82421020 Pid: 4 Tid: 112 Tags: SystemThread Created: 2012-06-29 14:16:45 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf8508848 vmci.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f8508848: 8bff MOV EDI, EDI f850884a: 55 PUSH EBP f850884b: 8bec MOV EBP, ESP f850884d: 51 PUSH ECX f850884e: 51 PUSH ECX f850884f: 8b4508 MOV EAX, [EBP+0x8] f8508852: 56 PUSH ESI f8508853: 8b7004 MOV ESI, [EAX+0x4] f8508856: 57 PUSH EDI f8508857: 33ff XOR EDI, EDI ------ ETHREAD: 0x020fe980 Pid: 4 Tid: 1268 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f2a458 Pid: 740 Tid: 768 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x0009b8a0 edx=0x00000000 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x0072fcec ebp=0x0072ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82470460 Pid: 1124 Tid: 1176 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff78000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x5f771c49 ebx=0x02c2fed0 ecx=0x001974e0 edx=0x00000006 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x02c2fea8 ebp=0x02c2ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825a9c68 Pid: 4 Tid: 96 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf857bb10 ACPI.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f857bb10: 8bff MOV EDI, EDI f857bb12: 55 PUSH EBP f857bb13: 8bec MOV EBP, ESP f857bb15: 83ec0c SUB ESP, 0xc f857bb18: 53 PUSH EBX f857bb19: 56 PUSH ESI f857bb1a: 57 PUSH EDI f857bb1b: 64a124010000 MOV EAX, [FS:0x124] f857bb21: a3708f58f8 MOV [0xf8588f70], EAX f857bb26: c7 DB 0xc7 ------ ETHREAD: 0x824fb368 Pid: 1124 Tid: 1148 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff79000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x02befebc ecx=0x00001010 edx=0x003378fd esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x02befe94 ebp=0x02beff30 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02399620 Pid: 4 Tid: 2016 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824ba480 Pid: 4 Tid: 152 Tags: SystemThread Created: 2012-06-29 14:16:48 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf7ae8cea rdpdr.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f7ae8cea: 8bff MOV EDI, EDI f7ae8cec: 55 PUSH EBP f7ae8ced: 8bec MOV EBP, ESP f7ae8cef: 83ec10 SUB ESP, 0x10 f7ae8cf2: 56 PUSH ESI f7ae8cf3: e8002c0000 CALL 0xf7aeb8f8 f7ae8cf8: 8bf0 MOV ESI, EAX f7ae8cfa: a180bdaef7 MOV EAX, [0xf7aebd80] f7ae8cff: 6a00 PUSH 0x0 f7ae8d01: ff DB 0xff ------ ETHREAD: 0x81f358c0 Pid: 1972 Tid: 1256 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x81f62da0 'vmtoolsd.exe' Attached Process: 0x81f62da0 'vmtoolsd.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7854345e ebx=0x0104fe8c ecx=0x7c90e920 edx=0x0012fbec esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0104fe64 ebp=0x0104ff00 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82034488 Pid: 1124 Tid: 1504 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff74000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe222d3f8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77d02060 ebx=0x00000000 ecx=0x0015c490 edx=0x029f000d esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x02d2ff70 ebp=0x02d2ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82501490 Pid: 528 Tid: 608 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x81f5e478 'vmtoolsd.exe' Attached Process: 0x81f5e478 'vmtoolsd.exe' State: Waiting:UserRequest BasePriority: 0xf Priority: 0xf TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f772d8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00f0fbd8 ecx=0x0001001e edx=0x00005658 esi=0x00000000 edi=0x7ffde000 eip=0x7c90e514 esp=0x00f0fbb0 ebp=0x00f0fc4c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x6e0023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824ac5d0 Pid: 728 Tid: 888 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ffd7000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a997 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00000412 edx=0x0077f8f8 esi=0x000a6820 edi=0x00093b60 eip=0x7c90e514 esp=0x0077fe18 ebp=0x0077ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x7dbb0023 es=0x770023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82077498 Pid: 1208 Tid: 1372 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x820c6558 Pid: 4 Tid: 352 Tags: SystemThread Created: 2012-06-29 14:16:49 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf36a7517 rdbss.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f36a7517: 8bff MOV EDI, EDI f36a7519: 55 PUSH EBP f36a751a: 8bec MOV EBP, ESP f36a751c: 6a00 PUSH 0x0 f36a751e: ff7508 PUSH DWORD [EBP+0x8] f36a7521: e8f88efeff CALL 0xf369041e f36a7526: 5d POP EBP f36a7527: c20400 RET 0x4 f36a752a: 90 NOP f36a752b: 90 NOP ------ ETHREAD: 0x8246a4a0 Pid: 4 Tid: 108 Tags: SystemThread Created: 2012-06-29 14:16:45 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf850419c vmci.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f850419c: 8bff MOV EDI, EDI f850419e: 55 PUSH EBP f850419f: 8bec MOV EBP, ESP f85041a1: 83ec0c SUB ESP, 0xc f85041a4: 53 PUSH EBX f85041a5: 8b1d900351f8 MOV EBX, [0xf8510390] f85041ab: 56 PUSH ESI f85041ac: 33f6 XOR ESI, ESI f85041ae: 56 PUSH ESI f85041af: 56 PUSH ESI ------ ETHREAD: 0x820e1370 Pid: 1452 Tid: 1996 Tags: HwBreakpoints Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2102008 CrossThreadFlags: Eip: 0x7c90e514 eax=0x4bfc52cc ebx=0x00cdfd5c ecx=0x00000050 edx=0x4bfc52cc esi=0x00000000 edi=0x7ffd7000 eip=0x7c90e514 esp=0x00cdfd34 ebp=0x00cdfdd0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000001 dr1=0x00000002 dr2=0x00000001 dr3=0x0000000a dr6=0xffff0ff0 dr7=0x00000555 ------ ETHREAD: 0x81f4b4b0 Pid: 1124 Tid: 1952 Tags: Created: 2012-06-29 14:17:28 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReply BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff92000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x74f02555 ebx=0x02f64760 ecx=0x0013ea28 edx=0x00000000 esi=0x0272fbc0 edi=0x0272fb94 eip=0x7c90e514 esp=0x0272fb0c ebp=0x0272fb58 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82107da0 Pid: 528 Tid: 776 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x81f5e478 'vmtoolsd.exe' Attached Process: 0x81f5e478 'vmtoolsd.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xe TEB: 0x7ffd7000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000600 ebx=0x00000000 ecx=0x00000610 edx=0x00030800 esi=0x00166ee8 edi=0x0017aa38 eip=0x7c90e514 esp=0x023bfe18 ebp=0x023bff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x0205c438 Pid: 4 Tid: 928 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x820414b8 Pid: 684 Tid: 1840 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xf Priority: 0xf TEB: 0x7ffa6000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x823704c0 Pid: 916 Tid: 1892 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000002 ebx=0x0009db2c ecx=0x000abba0 edx=0x00000002 esi=0x000a20e8 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00a9ff70 ebp=0x00a9ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8239d620 Pid: 916 Tid: 1776 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffac000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x760fe934 ebx=0x76139e20 ecx=0x004f0044 edx=0x004e0049 esi=0x00000000 edi=0x7c901000 eip=0x7c90e514 esp=0x00ddff8c ebp=0x00ddffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823a5c10 Pid: 1124 Tid: 624 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff9b000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x001013b0 edi=0x00101454 eip=0x7c90e514 esp=0x01dbfe18 ebp=0x01dbff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x024c0a48 Pid: 4 Tid: 1064 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x02472da0 Pid: 4 Tid: 1816 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x020fd900 Pid: 4 Tid: 1596 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x020ff980 Pid: 4 Tid: 660 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x01f4a7b8 Pid: 4 Tid: 2004 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8206f4d8 Pid: 1736 Tid: 1740 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2070458 CrossThreadFlags: ------ ETHREAD: 0x024c14e0 Pid: 4 Tid: 664 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x020608b0 Pid: 4 Tid: 1072 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824a14f0 Pid: 684 Tid: 1844 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrUserRequest BasePriority: 0xf Priority: 0xf TEB: 0x7ff9f000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe20657d0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x76b44dca ebx=0x0000070c ecx=0x00000003 edx=0x76b40000 esi=0x01a6ff98 edi=0x7e42772b eip=0x7c90e514 esp=0x01a6ff54 ebp=0x01a6ff78 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8206a228 Pid: 740 Tid: 436 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00bafe64 ecx=0x7c809a0d edx=0x7440a340 esi=0x00000000 edi=0x7ffda000 eip=0x7c90e514 esp=0x00bafe3c ebp=0x00bafed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x90023 es=0x90023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x0203cda0 Pid: 4 Tid: 180 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:22 Exited: 2012-06-29 14:17:22 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f5f7e8 Pid: 1124 Tid: 380 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff9a000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x01dffdf4 ecx=0x000e10b8 edx=0x7c97e140 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x01dffdcc ebp=0x01dffe68 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824feda0 Pid: 684 Tid: 236 Tags: Created: 2012-06-29 14:17:03 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0x1 Priority: 0x1 TEB: 0x7ffaa000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0145ff38 ebx=0x0145fe28 ecx=0x000066a9 edx=0x00000036 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0145fe00 ebp=0x0145fe9c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82489af0 Pid: 604 Tid: 668 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:WrLpcReply BasePriority: 0xf Priority: 0xf TEB: 0x7ffdd000 StartAddress: 0x75b67d63 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe222c7c8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000098db ebx=0x00000000 ecx=0x00000002 edx=0x00000003 esi=0x7c90dade edi=0x75b9d90c eip=0x7c90e514 esp=0x004afe98 ebp=0x004afff4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00003216 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f3f558 Pid: 684 Tid: 1316 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xd TEB: 0x7ffa8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x820fa500 Pid: 420 Tid: 816 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x821013c0 'alg.exe' Attached Process: 0x821013c0 'alg.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd7000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x00000040 edx=0x77e76125 esi=0x000a7db8 edi=0x00000100 eip=0x7c90e514 esp=0x00acfe18 ebp=0x00acff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x020feda0 Pid: 4 Tid: 1088 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x825c48a0 Pid: 4 Tid: 52 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xc Priority: 0xc TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x024732c8 Pid: 1124 Tid: 928 Tags: ScannerOnly Created: 2012-06-29 14:17:11 Exited: 2012-06-29 14:17:34 Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED ------ ETHREAD: 0x82505510 Pid: 1736 Tid: 1748 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1d05aa8 CrossThreadFlags: ------ ETHREAD: 0x024be4d8 Pid: 4 Tid: 1648 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82116d18 Pid: 684 Tid: 688 Tags: HwBreakpoints Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrUserRequest BasePriority: 0xf Priority: 0xf TEB: 0x7ffde000 StartAddress: 0x0103e5e1 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1947578 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000001 ebx=0x00000000 ecx=0x0006fb80 edx=0x7c90e514 esi=0x00586540 edi=0x00000001 eip=0x7c90e514 esp=0x0006fb80 ebp=0x0006fbb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x1010023 gs=0x00 efl=0x00000246 dr0=0x00000045 dr1=0x00000000 dr2=0x00000000 dr3=0x00000005 dr6=0xffff0ff0 dr7=0x00000555 ------ ETHREAD: 0x81f2eb20 Pid: 980 Tid: 1900 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000dc000 ebx=0x000995f4 ecx=0x00b6f110 edx=0x00001000 esi=0x000bf970 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00b6ff70 ebp=0x00b6ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82386230 Pid: 980 Tid: 1004 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000ca000 ebx=0x000995f4 ecx=0x00a3ed80 edx=0x00001000 esi=0x0009ed20 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00a3ff70 ebp=0x00a3ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x024beda0 Pid: 4 Tid: 732 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x022c8da0 Pid: 4 Tid: 1364 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824c4528 Pid: 1452 Tid: 1568 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a901 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe21c12c8 CrossThreadFlags: Eip: 0x7c90e514 eax=0xfffffffe ebx=0x00000000 ecx=0x00b9e8c4 edx=0x00000000 esi=0x000aab78 edi=0x00000000 eip=0x7c90e514 esp=0x00b9fe18 ebp=0x00b9ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x190023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f38da0 Pid: 1124 Tid: 1672 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd6000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x00000ea4 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1ffa450 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7ffd6000 ebx=0x0009e64c ecx=0x7c809a90 edx=0x00001002 esi=0x000cf838 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00b1ff70 ebp=0x00b1ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x180023 es=0x7c910023 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820ef650 Pid: 1124 Tid: 1224 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x8235e538 Pid: 4 Tid: 160 Tags: SystemThread Created: 2012-06-29 14:16:48 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf88aa92d raspptp.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f88aa92d: 8bff MOV EDI, EDI f88aa92f: 55 PUSH EBP f88aa930: 8bec MOV EBP, ESP f88aa932: 83ec0c SUB ESP, 0xc f88aa935: 53 PUSH EBX f88aa936: 56 PUSH ESI f88aa937: 57 PUSH EDI f88aa938: 33c0 XOR EAX, EAX f88aa93a: 50 PUSH EAX f88aa93b: 50 PUSH EAX ------ ETHREAD: 0x8250eda0 Pid: 1124 Tid: 1724 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffa4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0000001d ebx=0x00007530 ecx=0x75092240 edx=0x018f001d esi=0x0009fc30 edi=0x00000000 eip=0x7c90e514 esp=0x018ffeac ebp=0x018ffed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82032578 Pid: 1124 Tid: 1656 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffaa000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x825c3020 Pid: 4 Tid: 64 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xf Priority: 0xf TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x8245a020 Pid: 980 Tid: 1012 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000df000 ebx=0x00007530 ecx=0x00abfc68 edx=0x00003000 esi=0x00000012 edi=0x00000000 eip=0x7c90e514 esp=0x00abfeac ebp=0x00abfed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82470d50 Pid: 728 Tid: 1152 Tags: Created: 2012-06-29 14:17:11 Exited: 2012-06-29 14:17:11 Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x0009ad08 edi=0x0009adac eip=0x7c90e514 esp=0x0088fe18 ebp=0x0088ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x0239c5d0 Pid: 4 Tid: 1680 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82068558 Pid: 728 Tid: 408 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x000ac0bc ecx=0x00000000 edx=0x00cdf8f8 esi=0x000cf940 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00d5ff70 ebp=0x00d5ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f77da0 Pid: 1124 Tid: 1136 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x7ffddbf8 edx=0x00000000 esi=0x0093fafc edi=0x00000000 eip=0x7c90e514 esp=0x0097ff9c ebp=0x0097ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82404560 Pid: 684 Tid: 1468 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xd TEB: 0x7ffa0000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1c4bc30 CrossThreadFlags: ------ ETHREAD: 0x82506b90 Pid: 740 Tid: 788 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0xa TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x00092098 edx=0x7c9100b8 esi=0x0009e060 edi=0x7c97e440 eip=0x7c90e514 esp=0x007cff8c ebp=0x007cffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f788e8 Pid: 684 Tid: 720 Tags: HwBreakpoints Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrQueue BasePriority: 0xd Priority: 0xe TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x7ffd9000 edx=0x7c97e440 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x00b6ff70 ebp=0x00b6ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x000000a0 dr1=0x00000000 dr2=0x00000003 dr3=0x000000b0 dr6=0xffff0ff0 dr7=0x00000555 ------ ETHREAD: 0x8245cda0 Pid: 1124 Tid: 1652 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffab000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x00b1fb9c edx=0x00b1fb8c esi=0x000c5150 edi=0x000c51f4 eip=0x7c90e514 esp=0x0167fe18 ebp=0x0167ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82375418 Pid: 1736 Tid: 1764 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0009b568 ebx=0x00000000 ecx=0x00000008 edx=0x00000016 esi=0x0009b170 edi=0x0009b520 eip=0x7c90e514 esp=0x0096fe18 ebp=0x0096ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82064d78 Pid: 1124 Tid: 284 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff6d000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe22878d8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00155a60 edx=0x00000018 esi=0x0013ff00 edi=0x02f4bfa0 eip=0x7c90e514 esp=0x0307fe18 ebp=0x0307ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81dfaaf0 Pid: 1736 Tid: 424 Tags: Created: 2012-06-29 14:17:23 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00bffed0 ecx=0x00bfff7c edx=0x00000000 esi=0x00000000 edi=0x7ffda000 eip=0x7c90e514 esp=0x00bffea8 ebp=0x00bfff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02029518 Pid: 4 Tid: 1916 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824af580 Pid: 916 Tid: 940 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7c910250 ebx=0x00000000 ecx=0x7c926a80 edx=0x0000000a esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x009bff70 ebp=0x009bffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82102d78 Pid: 1124 Tid: 1540 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ff72000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe21e6dd0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x02dafb24 ecx=0x00000000 edx=0x00000000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x02dafafc ebp=0x02dafb98 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823a5390 Pid: 1124 Tid: 248 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x00000001 edx=0x000db5a0 esi=0x000b53e8 edi=0x7c97e440 eip=0x7c90e514 esp=0x00fdff8c ebp=0x00fdffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f41da0 Pid: 4 Tid: 428 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:16:49 Exited: 2012-06-29 14:16:49 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f32588 Pid: 420 Tid: 480 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x821013c0 'alg.exe' Attached Process: 0x821013c0 'alg.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x774fe4ef ebx=0x00007530 ecx=0x7ffd9000 edx=0x00000000 esi=0x00000000 edi=0x009cff50 eip=0x7c90e514 esp=0x009cff20 ebp=0x009cff78 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825c58a0 Pid: 4 Tid: 24 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xd Priority: 0xd TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x82459590 Pid: 1636 Tid: 1024 Tags: Created: 2012-06-29 14:17:20 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffac000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7c910250 ebx=0x00000000 ecx=0x7c90f661 edx=0x00000020 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x0248ff70 ebp=0x0248ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82471180 Pid: 4 Tid: 328 Tags: SystemThread Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2f9be2e vmmemctl.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f2f9be2e: 8bff MOV EDI, EDI f2f9be30: 55 PUSH EBP f2f9be31: 8bec MOV EBP, ESP f2f9be33: 51 PUSH ECX f2f9be34: 51 PUSH ECX f2f9be35: 56 PUSH ESI f2f9be36: 8b7508 MOV ESI, [EBP+0x8] f2f9be39: 57 PUSH EDI f2f9be3a: 33ff XOR EDI, EDI f2f9be3c: 397e18 CMP [ESI+0x18], EDI ------ ETHREAD: 0x022c5da0 Pid: 4 Tid: 1932 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x823a0598 Pid: 1452 Tid: 1908 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe224de80 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0100d168 ebx=0x00c1fd5c ecx=0x0007fb48 edx=0x00000200 esi=0x00000000 edi=0x7ffd7000 eip=0x7c90e514 esp=0x00c1fd34 ebp=0x00c1fdd0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8205b488 Pid: 1736 Tid: 1044 Tags: Created: 2012-06-29 14:17:23 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x723f172d ebx=0x00000000 ecx=0x0000002b edx=0x7c910222 esi=0x000001fc edi=0x00000000 eip=0x7c90e514 esp=0x00deff14 ebp=0x00deff78 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825bfb20 Pid: 4 Tid: 84 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x17 TEB: 0x00000000 StartAddress: 0x8053c5c6 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 8053c5c6: 64a124010000 MOV EAX, [FS:0x124] 8053c5cc: a3e42e5580 MOV [0x80552ee4], EAX 8053c5d1: 64a124010000 MOV EAX, [FS:0x124] 8053c5d7: 6a17 PUSH 0x17 8053c5d9: 50 PUSH EAX 8053c5da: e8 DB 0xe8 8053c5db: 8f DB 0x8f 8053c5dc: f5 CMC 8053c5dd: fb STI ------ ETHREAD: 0x820c6da0 Pid: 740 Tid: 848 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ffab000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a829 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00b2f6b0 ebx=0x00000000 ecx=0x77de9c58 edx=0x00fd0001 esi=0x000b46d0 edi=0x000c8508 eip=0x7c90e514 esp=0x00b2fe18 ebp=0x00b2ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f551f8 Pid: 1124 Tid: 1164 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff77000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a989 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe22758b8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77d20899 ebx=0x00000000 ecx=0x00000000 edx=0x764032dd esi=0x000cf988 edi=0x00000100 eip=0x7c90e514 esp=0x02c6fe18 ebp=0x02c6ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x150023 es=0x7c910023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823a35a8 Pid: 728 Tid: 1116 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffa1000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x000ac0bc ecx=0x003c41c8 edx=0x00000000 esi=0x000d4660 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00e1ff70 ebp=0x00e1ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823aada0 Pid: 528 Tid: 368 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x81f5e478 'vmtoolsd.exe' Attached Process: 0x81f5e478 'vmtoolsd.exe' State: Waiting:Executive BasePriority: 0xd Priority: 0xe TEB: 0x7ffdd000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f38880 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77de2084 ebx=0x00000000 ecx=0x0012fca8 edx=0x00000025 esi=0x00000000 edi=0x000000c8 eip=0x7c90e514 esp=0x0012fb60 ebp=0x0012fbc8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x020ff500 Pid: 4 Tid: 2028 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8239ca48 Pid: 1124 Tid: 1516 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff73000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000274 ebx=0x77df3251 ecx=0x02d6f238 edx=0x0000005c esi=0x00117278 edi=0x0015aaa4 eip=0x7c90e514 esp=0x02d6fe00 ebp=0x02d6ff30 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823a9da0 Pid: 1636 Tid: 1992 Tags: Created: 2012-06-29 14:16:56 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffad000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2096a28 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00171750 ebx=0x00000000 ecx=0x01acf3a0 edx=0x00000002 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x01acff70 ebp=0x01acffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f2eda0 Pid: 1636 Tid: 1896 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0xb TEB: 0x7ffd6000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a987 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe196c350 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000d55f8 ebx=0x00000000 ecx=0x00115704 edx=0x00115688 esi=0x000bbb90 edi=0x00000100 eip=0x7c90e514 esp=0x018bfe18 ebp=0x018bff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8248fda0 Pid: 740 Tid: 820 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrQueue BasePriority: 0x9 Priority: 0xa TEB: 0x7ffd6000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000bfa38 ebx=0x00007530 ecx=0x0096fe68 edx=0x000b16a0 esi=0x000b1088 edi=0x00000000 eip=0x7c90e514 esp=0x0096feac ebp=0x0096fed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825c43a0 Pid: 4 Tid: 60 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xc Priority: 0xc TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x01df0da0 Pid: 4 Tid: 784 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x825c4020 Pid: 4 Tid: 40 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xc Priority: 0xc TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x824724b0 Pid: 1124 Tid: 516 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff8c000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x0000001e edx=0x020ff8b2 esi=0x000fd238 edi=0x000fd2dc eip=0x7c90e514 esp=0x0227fe18 ebp=0x0227ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8239b5d0 Pid: 916 Tid: 1800 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffab000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x760fa7ce ebx=0x76139e20 ecx=0x004f0044 edx=0x004e0049 esi=0x00000001 edi=0x761332c0 eip=0x7c90e514 esp=0x00e1ff60 ebp=0x00e1ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000296 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f4f368 Pid: 1736 Tid: 2024 Tags: ScannerOnly Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x774fe4ef ebx=0x00007530 ecx=0x00000010 edx=0x02eaed10 esi=0x00000d0c edi=0x00000000 eip=0x7c90e514 esp=0x029fff28 ebp=0x029fff8c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82111980 Pid: 1636 Tid: 1924 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1ca8008 CrossThreadFlags: Eip: 0x7c90e514 eax=0xc0000034 ebx=0x00000000 ecx=0x017def28 edx=0x7c90e514 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x017dff70 ebp=0x017dffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x17d0023 es=0x17840023 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f3c020 Pid: 684 Tid: 708 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xe TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1ca6eb0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000087ab ebx=0x00000000 ecx=0x76a61158 edx=0x769c1dc4 esi=0x000869b8 edi=0x00087318 eip=0x7c90e514 esp=0x00aafe18 ebp=0x00aaff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x200023 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820335e0 Pid: 1736 Tid: 1772 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:WrExecutive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1ff8858 CrossThreadFlags: ------ ETHREAD: 0x824ce650 Pid: 980 Tid: 416 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0xa TEB: 0x7ffae000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000003ec ebx=0x00007530 ecx=0x000ca140 edx=0xe46d3bc4 esi=0x0009ad20 edi=0x00000000 eip=0x7c90e514 esp=0x00c2feac ebp=0x00c2fed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824f8da0 Pid: 4 Tid: 1888 Tags: SystemThread Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2b252a4 HTTP.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f2b252a4: 8bff MOV EDI, EDI f2b252a6: 55 PUSH EBP f2b252a7: 8bec MOV EBP, ESP f2b252a9: 83ec68 SUB ESP, 0x68 f2b252ac: 53 PUSH EBX f2b252ad: 6aff PUSH -0x1 f2b252af: 68806967ff PUSH DWORD 0xff676980 f2b252b4: 33db XOR EBX, EBX f2b252b6: 53 PUSH EBX f2b252b7: ff DB 0xff ------ ETHREAD: 0x024c1060 Pid: 4 Tid: 1324 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x020aa5a0 Pid: 4 Tid: 420 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:16:49 Exited: 2012-06-29 14:16:49 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f4c620 Pid: 1208 Tid: 1068 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd7000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x00000032 edx=0x00b5f900 esi=0x000b59f0 edi=0x00000100 eip=0x7c90e514 esp=0x00b1fe18 ebp=0x00b1ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824715f8 Pid: 268 Tid: 308 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x823a7da0 'svchost.exe' Attached Process: 0x823a7da0 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000002a3 ebx=0x00000000 ecx=0x00000210 edx=0x00015b6c esi=0x00000000 edi=0x00000000 eip=0x7c90e514 esp=0x00b1fee4 ebp=0x00b1ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82396928 Pid: 1124 Tid: 1608 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff83000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe20b82e8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7c910250 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x027eff70 ebp=0x027effb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82102900 Pid: 916 Tid: 1544 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00cbff68 ebx=0x00000000 ecx=0x00cbff90 edx=0x76132fb0 esi=0x000001e4 edi=0x00000000 eip=0x7c90e514 esp=0x00cbff28 ebp=0x00cbff8c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f4f7e8 Pid: 4 Tid: 1328 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x822c2da0 Pid: 1736 Tid: 1496 Tags: Created: 2012-06-29 14:17:23 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffac000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000b6c80 ebx=0x00000000 ecx=0x000b6c80 edx=0x00fffd18 esi=0x000b5200 edi=0x000b7150 eip=0x7c90e514 esp=0x00fffe18 ebp=0x00ffff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x023a2180 Pid: 4 Tid: 200 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x020ad020 Pid: 4 Tid: 1984 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x01f4fc10 Pid: 4 Tid: 1244 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x825c5620 Pid: 4 Tid: 28 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xd Priority: 0xd TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x81f14620 Pid: 4 Tid: 288 Tags: SystemThread Created: 2012-06-29 14:16:48 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Suspended BasePriority: 0x8 Priority: 0x9 TEB: 0x00000000 StartAddress: 0xf7b5b086 USBPORT.SYS ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f7b5b086: 8bff MOV EDI, EDI f7b5b088: 55 PUSH EBP f7b5b089: 8bec MOV EBP, ESP f7b5b08b: 83ec18 SUB ESP, 0x18 f7b5b08e: 8b4508 MOV EAX, [EBP+0x8] f7b5b091: 53 PUSH EBX f7b5b092: 56 PUSH ESI f7b5b093: 8b7028 MOV ESI, [EAX+0x28] f7b5b096: e88f5b0100 CALL 0xf7b70c2a f7b5b09b: 89 DB 0x89 ------ ETHREAD: 0x8203b628 Pid: 916 Tid: 1428 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7c910250 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x00b6ff70 ebp=0x00b6ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8248a630 Pid: 1124 Tid: 864 Tags: Created: 2012-06-29 14:17:20 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff68000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x0307f790 edx=0x0307f2e4 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x031bfcec ebp=0x031bffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8204ada0 Pid: 684 Tid: 1304 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xf TEB: 0x7ffab000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x011dfe08 ebx=0x011dfe78 ecx=0x00000001 edx=0x0000006b esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x011dfe50 ebp=0x011dfeec err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01dedda0 Pid: 4 Tid: 452 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x024c1da0 Pid: 4 Tid: 2024 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x023991a8 Pid: 4 Tid: 1788 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82385020 Pid: 1452 Tid: 1940 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x005bb000 ebx=0x00099dac ecx=0x00c5e9f8 edx=0x00001000 esi=0x000b1e40 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00c5ff70 ebp=0x00c5ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f4a340 Pid: 4 Tid: 1520 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8210b650 Pid: 1124 Tid: 912 Tags: Created: 2012-06-29 14:17:11 Exited: 2012-06-29 14:17:11 Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x5f771d97 ebx=0x00e9fecc ecx=0x00e5fe8c edx=0x00000008 esi=0x00000000 edi=0x7ffdb000 eip=0x7c90e514 esp=0x00e9fea4 ebp=0x00e9ff40 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8210abb8 Pid: 336 Tid: 340 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x824fc928 'svchost.exe' Attached Process: 0x824fc928 'svchost.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f7c468 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77de2084 ebx=0x00000000 ecx=0x0007fd90 edx=0x00000025 esi=0x00000000 edi=0x00000070 eip=0x7c90e514 esp=0x0007fc48 ebp=0x0007fcb0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82386658 Pid: 980 Tid: 988 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0xa TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1c3fac0 CrossThreadFlags: ------ ETHREAD: 0x024c7528 Pid: 4 Tid: 1056 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x0239c158 Pid: 4 Tid: 1280 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82518d10 Pid: 740 Tid: 832 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a646 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000022 ebx=0x000b2400 ecx=0x00000010 edx=0x000165de esi=0x00000000 edi=0x000e20f0 eip=0x7c90e514 esp=0x00a2fe40 ebp=0x00a2ff74 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82043668 Pid: 1636 Tid: 1692 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x824ecda0 'explorer.exe' Attached Process: 0x824ecda0 'explorer.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0xb TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a98c ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2366398 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000cd530 ebx=0x00000000 ecx=0x00000000 edx=0x00000002 esi=0x000bbb90 edi=0x00000100 eip=0x7c90e514 esp=0x00e5fe18 ebp=0x00e5ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82117678 Pid: 1168 Tid: 1260 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x823bd2b0 'svchost.exe' Attached Process: 0x823bd2b0 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000a1238 ebx=0x00000000 ecx=0x000a1238 edx=0x00090608 esi=0x000a0e38 edi=0x000a1108 eip=0x7c90e514 esp=0x0073fe18 ebp=0x0073ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8210c558 Pid: 1124 Tid: 388 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff99000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00000000 ecx=0x0000001e edx=0x01d7fb3e esi=0x000db978 edi=0x000dba1c eip=0x7c90e514 esp=0x01e4fe18 ebp=0x01e4ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820663c0 Pid: 728 Tid: 1192 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffd5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x007ff6d8 ecx=0x00000004 edx=0x00000008 esi=0x00000000 edi=0x7ffdb000 eip=0x7c90e514 esp=0x007ff6b0 ebp=0x007ff74c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x821062c8 Pid: 1208 Tid: 1356 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000be000 ebx=0x00000000 ecx=0x00a8f60c edx=0x00001000 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x00a8ff70 ebp=0x00a8ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8240a690 Pid: 684 Tid: 956 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xd TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0014caa0 ebx=0x001397d0 ecx=0x23e6756f edx=0x23e0c00b esi=0x76c629b8 edi=0x00000000 eip=0x7c90e514 esp=0x00f1ff4c ebp=0x00f1ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820de518 Pid: 1124 Tid: 1220 Tags: Created: 2012-06-29 14:17:21 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff95000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x000016db ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe224aaa8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000204 ebx=0x00000000 ecx=0x0000021a edx=0x00000000 esi=0x000fd4d8 edi=0x00000100 eip=0x7c90e514 esp=0x01f5fe18 ebp=0x01f5ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x150023 es=0x7c910023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f52650 Pid: 916 Tid: 1824 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffa6000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a85f ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00f7f70c ebx=0x00000000 ecx=0x00000001 edx=0x00000000 esi=0x000a3cb0 edi=0x000c5180 eip=0x7c90e514 esp=0x00f7fe18 ebp=0x00f7ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x020fd488 Pid: 4 Tid: 312 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x01f41b20 Pid: 4 Tid: 432 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:16:49 Exited: 2012-06-29 14:16:49 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x820d23a0 Pid: 1452 Tid: 1852 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd5000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a905 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00d5eb50 ebx=0x00000000 ecx=0x00d5eac8 edx=0x00000000 esi=0x000aab78 edi=0x00000100 eip=0x7c90e514 esp=0x00d5fe18 ebp=0x00d5ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x77dd0023 es=0x7c900023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f4bda0 Pid: 4 Tid: 1272 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x824586b0 Pid: 740 Tid: 1408 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0xa TEB: 0x7ffa3000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000801 ebx=0x7c9010e0 ecx=0x00000810 edx=0x0001cef5 esi=0x000000bc edi=0x00000000 eip=0x7c90e514 esp=0x00cffeb4 ebp=0x00cfff18 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f2bda0 Pid: 728 Tid: 752 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82037ca8 'services.exe' Attached Process: 0x82037ca8 'services.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x824cfda0 Pid: 916 Tid: 156 Tags: Created: 2012-06-29 14:17:00 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000ca000 ebx=0x00000000 ecx=0x00adf61c edx=0x00002000 esi=0x000a02e8 edi=0x000a2ee8 eip=0x7c90e514 esp=0x00adfe18 ebp=0x00adff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f16020 Pid: 4 Tid: 164 Tags: SystemThread Created: 2012-06-29 14:16:48 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf88ab133 raspptp.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f88ab133: 8bff MOV EDI, EDI f88ab135: 55 PUSH EBP f88ab136: 8bec MOV EBP, ESP f88ab138: 51 PUSH ECX f88ab139: 51 PUSH ECX f88ab13a: 53 PUSH EBX f88ab13b: 33db XOR EBX, EBX f88ab13d: 381d70488bf8 CMP [0xf88b4870], BL f88ab143: 56 PUSH ESI f88ab144: 0f8510020000 JNZ 0xf88ab35a ------ ETHREAD: 0x820426c8 Pid: 1124 Tid: 1732 Tags: Impersonation Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffa2000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_IMPERSONATING Eip: 0x7c90e514 eax=0x00000431 ebx=0x0197fee0 ecx=0x00000410 edx=0x0001b200 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0197feb8 ebp=0x0197ff54 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820f2da0 Pid: 4 Tid: 356 Tags: SystemThread Created: 2012-06-29 14:16:49 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf36a7517 rdbss.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f36a7517: 8bff MOV EDI, EDI f36a7519: 55 PUSH EBP f36a751a: 8bec MOV EBP, ESP f36a751c: 6a00 PUSH 0x0 f36a751e: ff7508 PUSH DWORD [EBP+0x8] f36a7521: e8f88efeff CALL 0xf369041e f36a7526: 5d POP EBP f36a7527: c20400 RET 0x4 f36a752a: 90 NOP f36a752b: 90 NOP ------ ETHREAD: 0x8206aa78 Pid: 4 Tid: 1872 Tags: SystemThread Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2b27c60 HTTP.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_HARD_ERRORS_DISABLED|PS_CROSS_THREAD_FLAGS_SYSTEM f2b27c60: 8bff MOV EDI, EDI f2b27c62: 55 PUSH EBP f2b27c63: 8bec MOV EBP, ESP f2b27c65: 51 PUSH ECX f2b27c66: 51 PUSH ECX f2b27c67: 53 PUSH EBX f2b27c68: 56 PUSH ESI f2b27c69: 8b7508 MOV ESI, [EBP+0x8] f2b27c6c: 57 PUSH EDI f2b27c6d: 8b7e08 MOV EDI, [ESI+0x8] ------ ETHREAD: 0x01f4e7b8 Pid: 4 Tid: 2020 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f19650 Pid: 1972 Tid: 1264 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x81f62da0 'vmtoolsd.exe' Attached Process: 0x81f62da0 'vmtoolsd.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe211eb00 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7854345e ebx=0x0127fe2c ecx=0x0012f978 edx=0x00154e68 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0127fe04 ebp=0x0127fea0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x821046e0 Pid: 4 Tid: 260 Tags: SystemThread Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2ecf5a8 mrxdav.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f2ecf5a8: 8bff MOV EDI, EDI f2ecf5aa: 55 PUSH EBP f2ecf5ab: 8bec MOV EBP, ESP f2ecf5ad: 6a00 PUSH 0x0 f2ecf5af: ff7508 PUSH DWORD [EBP+0x8] f2ecf5b2: e82324feff CALL 0xf2eb19da f2ecf5b7: 5d POP EBP f2ecf5b8: c20400 RET 0x4 f2ecf5bb: cc INT 3 f2ecf5bc: cc INT 3 ------ ETHREAD: 0x823746e8 Pid: 740 Tid: 760 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:DelayExecution BasePriority: 0x9 Priority: 0x9 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x00000000 edi=0x00000000 eip=0x7c90e514 esp=0x006aff9c ebp=0x006affb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02057460 Pid: 4 Tid: 1928 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f5bda0 Pid: 4 Tid: 252 Tags: SystemThread Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2ecf5a8 mrxdav.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f2ecf5a8: 8bff MOV EDI, EDI f2ecf5aa: 55 PUSH EBP f2ecf5ab: 8bec MOV EBP, ESP f2ecf5ad: 6a00 PUSH 0x0 f2ecf5af: ff7508 PUSH DWORD [EBP+0x8] f2ecf5b2: e82324feff CALL 0xf2eb19da f2ecf5b7: 5d POP EBP f2ecf5b8: c20400 RET 0x4 f2ecf5bb: cc INT 3 f2ecf5bc: cc INT 3 ------ ETHREAD: 0x825c8128 Pid: 4 Tid: 12 Tags: SystemThread Created: - Exited: 2012-06-29 14:16:51 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x804edeac ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM 804edeac: 8bff MOV EDI, EDI 804edeae: 55 PUSH EBP 804edeaf: 8bec MOV EBP, ESP 804edeb1: 51 PUSH ECX 804edeb2: 51 PUSH ECX 804edeb3: 834dfcff OR DWORD [EBP-0x4], -0x1 804edeb7: c745f800cbf3ff MOV DWORD [EBP-0x8], 0xfff3cb00 804edebe: 8d45f8 LEA EAX, [EBP-0x8] 804edec1: 50 PUSH EAX 804edec2: 6a00 PUSH 0x0 ------ ETHREAD: 0x824ea6f8 Pid: 1124 Tid: 636 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff93000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1ffd008 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7751a1d8 ebx=0x022ffe30 ecx=0x00000000 edx=0x000ff28c esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x022ffe08 ebp=0x022ffea4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824ba700 Pid: 4 Tid: 148 Tags: SystemThread Created: 2012-06-29 14:16:48 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf7aff658 rdpdr.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f7aff658: 8bff MOV EDI, EDI f7aff65a: 55 PUSH EBP f7aff65b: 8bec MOV EBP, ESP f7aff65d: 6a00 PUSH 0x0 f7aff65f: ff7508 PUSH DWORD [EBP+0x8] f7aff662: e84998feff CALL 0xf7ae8eb0 f7aff667: 5d POP EBP f7aff668: c20400 RET 0x4 f7aff66b: cc INT 3 f7aff66c: cc INT 3 ------ ETHREAD: 0x820da680 Pid: 1736 Tid: 484 Tags: Created: 2012-06-29 14:17:23 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd6000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f31600 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00546e28 ebx=0x00abf804 ecx=0x00000000 edx=0x0000009c esi=0x00000000 edi=0x7ffda000 eip=0x7c90e514 esp=0x00abf7dc ebp=0x00abf878 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82508708 Pid: 4 Tid: 124 Tags: SystemThread Created: 2012-06-29 14:16:48 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:Executive BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf8850090 redbook.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f8850090: 8bff MOV EDI, EDI f8850092: 55 PUSH EBP f8850093: 8bec MOV EBP, ESP f8850095: 81ec9c000000 SUB ESP, 0x9c f885009b: 8b4508 MOV EAX, [EBP+0x8] f885009e: 8945ec MOV [EBP-0x14], EAX f88500a1: c645e700 MOV BYTE [EBP-0x19], 0x0 f88500a5: e8 DB 0xe8 f88500a6: e8 DB 0xe8 f88500a7: bc DB 0xbc ------ ETHREAD: 0x825c4da0 Pid: 4 Tid: 44 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0xc Priority: 0xc TEB: 0x00000000 StartAddress: 0x80534bc2 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80534bc2: 8bff MOV EDI, EDI 80534bc4: 55 PUSH EBP 80534bc5: 8bec MOV EBP, ESP 80534bc7: 83ec20 SUB ESP, 0x20 80534bca: 8b4d08 MOV ECX, [EBP+0x8] 80534bcd: 85c9 TEST ECX, ECX 80534bcf: 7806 JS 0x80534bd7 80534bd1: 8365f800 AND DWORD [EBP-0x8], 0x0 80534bd5: eb14 JMP 0x80534beb 80534bd7: 8d45e0 LEA EAX, [EBP-0x20] ------ ETHREAD: 0x81f5eb20 Pid: 1956 Tid: 172 Tags: Created: 2012-06-29 14:16:56 Exited: - Owning Process: 0x81f2d308 'rundll32.exe' Attached Process: 0x81f2d308 'rundll32.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x00e4ffb0 edx=0x7c90e514 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x00e4fcec ebp=0x00e4ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f38718 Pid: 176 Tid: 856 Tags: ScannerOnly Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x82373b28 'cmd.exe' Attached Process: 0x82373b28 'cmd.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED ------ ETHREAD: 0x820f2b20 Pid: 4 Tid: 360 Tags: SystemThread Created: 2012-06-29 14:16:49 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf36a7517 rdbss.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f36a7517: 8bff MOV EDI, EDI f36a7519: 55 PUSH EBP f36a751a: 8bec MOV EBP, ESP f36a751c: 6a00 PUSH 0x0 f36a751e: ff7508 PUSH DWORD [EBP+0x8] f36a7521: e8f88efeff CALL 0xf369041e f36a7526: 5d POP EBP f36a7527: c20400 RET 0x4 f36a752a: 90 NOP f36a752b: 90 NOP ------ ETHREAD: 0x824fe720 Pid: 4 Tid: 572 Tags: SystemThread Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x9 Priority: 0x9 TEB: 0x00000000 StartAddress: 0xf2df4024 srv.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_HARD_ERRORS_DISABLED|PS_CROSS_THREAD_FLAGS_SYSTEM f2df4024: 8bff MOV EDI, EDI f2df4026: 55 PUSH EBP f2df4027: 8bec MOV EBP, ESP f2df4029: 83ec10 SUB ESP, 0x10 f2df402c: 53 PUSH EBX f2df402d: 33c0 XOR EAX, EAX f2df402f: 56 PUSH ESI f2df4030: 8b7508 MOV ESI, [EBP+0x8] f2df4033: 33c9 XOR ECX, ECX f2df4035: 81fe601fdff2 CMP ESI, 0xf2df1f60 ------ ETHREAD: 0x023981f8 Pid: 4 Tid: 1112 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x820a9da0 Pid: 740 Tid: 840 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:UserRequest BasePriority: 0x9 Priority: 0xa TEB: 0x7ffad000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000801 ebx=0x7c9010e0 ecx=0x00000810 edx=0x0001cc7c esi=0x000000bc edi=0x00000000 eip=0x7c90e514 esp=0x00aafeb4 ebp=0x00aaff18 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824f5c10 Pid: 1452 Tid: 2040 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82065c10 'wmiprvse.exe' Attached Process: 0x82065c10 'wmiprvse.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe22614d8 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00c9eb50 ebx=0x00000000 ecx=0x00c9eac8 edx=0x00000000 esi=0x000aab78 edi=0x000b4120 eip=0x7c90e514 esp=0x00c9fe18 ebp=0x00c9ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x022cada0 Pid: 4 Tid: 616 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:23 Exited: 2012-06-29 14:17:23 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8210cda0 Pid: 4 Tid: 256 Tags: SystemThread Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x00000000 StartAddress: 0xf2ecf5a8 mrxdav.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM f2ecf5a8: 8bff MOV EDI, EDI f2ecf5aa: 55 PUSH EBP f2ecf5ab: 8bec MOV EBP, ESP f2ecf5ad: 6a00 PUSH 0x0 f2ecf5af: ff7508 PUSH DWORD [EBP+0x8] f2ecf5b2: e82324feff CALL 0xf2eb19da f2ecf5b7: 5d POP EBP f2ecf5b8: c20400 RET 0x4 f2ecf5bb: cc INT 3 f2ecf5bc: cc INT 3 ------ ETHREAD: 0x825ecda0 Pid: 4 Tid: 88 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x804eceec ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 804eceec: 8bff MOV EDI, EDI 804eceee: 55 PUSH EBP 804eceef: 8bec MOV EBP, ESP 804ecef1: 53 PUSH EBX 804ecef2: 56 PUSH ESI 804ecef3: 57 PUSH EDI 804ecef4: 64a124010000 MOV EAX, [FS:0x124] 804ecefa: 8b7508 MOV ESI, [EBP+0x8] 804ecefd: 8d4e10 LEA ECX, [ESI+0x10] 804ecf00: 51 PUSH ECX ------ ETHREAD: 0x82108740 Pid: 916 Tid: 1808 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffa9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000c9000 ebx=0x00000000 ecx=0x00eaf624 edx=0x00001000 esi=0x000a3cb0 edi=0x000c5fb0 eip=0x7c90e514 esp=0x00eafe18 ebp=0x00eaff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f2d7e0 Pid: 740 Tid: 1332 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ffa5000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x0000a68e ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00005fbd ebx=0x00000000 ecx=0x00000000 edx=0x00c7f808 esi=0x000b46d0 edi=0x000ce5e8 eip=0x7c90e514 esp=0x00c7fe18 ebp=0x00c7ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x024cac10 Pid: 1520 Tid: 1816 Tags: ScannerOnly Created: 2012-06-29 14:17:19 Exited: 2012-06-29 14:17:25 Owning Process: 0x8239c5d0 '\xd0\xc59\x82' Attached Process: 0x8239c5d0 '\xd0\xc59\x82' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED ------ ETHREAD: 0x82377da0 Pid: 740 Tid: 1092 Tags: Created: 2012-06-29 14:17:11 Exited: 2012-06-29 14:17:20 Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Terminated BasePriority: 0x9 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00030001 edx=0x00020000 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x00c1ff70 ebp=0x00c1ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82473da0 Pid: 684 Tid: 232 Tags: Created: 2012-06-29 14:17:03 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:UserRequest BasePriority: 0xd Priority: 0xe TEB: 0x7ffae000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x769c8761 ebx=0x0111fef4 ecx=0x77de65a6 edx=0x00000005 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0111fecc ebp=0x0111ff68 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824c4980 Pid: 604 Tid: 1828 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:UserRequest BasePriority: 0xf Priority: 0xf TEB: 0x7ffd6000 StartAddress: 0x75b67fd4 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00000002 edx=0x00000003 esi=0x000005f8 edi=0x00000000 eip=0x7c90e514 esp=0x010ef70c ebp=0x010ef770 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00003246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f35da0 Pid: 1208 Tid: 1388 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffdc000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000254 ebx=0x7c8308b5 ecx=0x009cfeb8 edx=0x7c90e514 esi=0x00000254 edi=0x00000000 eip=0x7c90e514 esp=0x009cfeb8 ebp=0x009cff1c err=0x00000000 cs=0x1b ss=0x23 ds=0x90023 es=0x90023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x825bf020 Pid: 4 Tid: 76 Tags: SystemThread Created: 2012-06-29 14:16:43 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrFreePage BasePriority: 0x8 Priority: 0x11 TEB: 0x00000000 StartAddress: 0x80644e6e ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM 80644e6e: 8bff MOV EDI, EDI 80644e70: 55 PUSH EBP 80644e71: 8bec MOV EBP, ESP 80644e73: 83ec24 SUB ESP, 0x24 80644e76: b8b0865580 MOV EAX, 0x805586b0 80644e7b: a3b4865580 MOV [0x805586b4], EAX 80644e80: a3b0865580 MOV [0x805586b0], EAX 80644e85: b8 DB 0xb8 ------ ETHREAD: 0x824b0a90 Pid: 916 Tid: 1120 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x76a87861 ebx=0x00000000 ecx=0x00000000 edx=0x76a85335 esi=0x000a02e8 edi=0x0009fa60 eip=0x7c90e514 esp=0x0066fe18 ebp=0x0066ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f58da0 Pid: 4 Tid: 1620 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8244b768 Pid: 4 Tid: 532 Tags: SystemThread Created: 2012-06-29 14:16:50 Exited: - Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x00000000 StartAddress: 0x805f0660 ntoskrnl.exe ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_SYSTEM Eip: 0x804feccd ntoskrnl.exe eax=0xe21163f8 ebx=0x00000000 ecx=0xf7c0fb70 edx=0x00000000 esi=0xf7c0fba8 edi=0x00000000 eip=0x804feccd esp=0x805f06f5 ebp=0xf7c0fdac err=0x00000000 cs=0x08 ss=0x6d0 ds=0x00 es=0x01 gs=0x01 efl=0x00000246 dr0=0x0000071c dr1=0x00000001 dr2=0x00000006 dr3=0x00000001 dr6=0x00000000 dr7=0xe19fbdd0 805f0660: 8bff MOV EDI, EDI 805f0662: 55 PUSH EBP 805f0663: 8bec MOV EBP, ESP 805f0665: 81ec1c020000 SUB ESP, 0x21c 805f066b: a140af5480 MOV EAX, [0x8054af40] 805f0670: 8945fc MOV [EBP-0x4], EAX 805f0673: e832feffff CALL 0x805f04aa ------ ETHREAD: 0x825037e8 Pid: 1124 Tid: 780 Tags: Created: 2012-06-29 14:17:11 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ff87000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x02080000 ebx=0x750a4db0 ecx=0x026efb9c edx=0x7c90e514 esi=0x000e2128 edi=0x00000000 eip=0x7c90e514 esp=0x026efde8 ebp=0x026eff34 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x020ffda0 Pid: 4 Tid: 1476 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x8207a968 Pid: 1124 Tid: 1160 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x009ff914 ebx=0x009ffe80 ecx=0x00000068 edx=0x77e9f115 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x009ffe58 ebp=0x009ffef4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x02059390 Pid: 4 Tid: 1812 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x82373788 Pid: 1124 Tid: 1660 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffa9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000530 ebx=0x776ff048 ecx=0x000007f4 edx=0x000e0ad0 esi=0x000004c4 edi=0x00000000 eip=0x7c90e514 esp=0x0173fed0 ebp=0x0173ff34 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x01f22da0 Pid: 1124 Tid: 464 Tags: ScannerOnly Created: 2012-06-29 14:17:19 Exited: 2012-06-29 14:17:28 Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED ------ ETHREAD: 0x821082c8 Pid: 528 Tid: 1412 Tags: Created: 2012-06-29 14:17:18 Exited: - Owning Process: 0x81f5e478 'vmtoolsd.exe' Attached Process: 0x81f5e478 'vmtoolsd.exe' State: Waiting:DelayExecution BasePriority: 0xd Priority: 0xd TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x774fe4ef ebx=0x00007530 ecx=0x7ffde000 edx=0x00000000 esi=0x00000000 edi=0x022bff50 eip=0x7c90e514 esp=0x022bff20 ebp=0x022bff78 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82505790 Pid: 1124 Tid: 1744 Tags: Impersonation Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffa1000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_IMPERSONATING Eip: 0x7c90e514 eax=0x00000204 ebx=0x01abfe7c ecx=0x77de1e14 edx=0x00000000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x01abfe54 ebp=0x01abfef0 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82375698 Pid: 1736 Tid: 1760 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdd000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x77e76c7d ebx=0x00007530 ecx=0x008efdcc edx=0x00000000 esi=0x0009a650 edi=0x00000000 eip=0x7c90e514 esp=0x0092feac ebp=0x0092fed8 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820de798 Pid: 1208 Tid: 872 Tags: Created: 2012-06-29 14:17:20 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffae000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00030001 edx=0x00020000 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x00c1ff70 ebp=0x00c1ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820c9da0 Pid: 420 Tid: 344 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x821013c0 'alg.exe' Attached Process: 0x821013c0 'alg.exe' State: Waiting:WrQueue BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd8000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x7c910250 ebx=0x00000000 ecx=0x00090000 edx=0x00090748 esi=0x7c97e440 edi=0x7c97e460 eip=0x7c90e514 esp=0x00a8ff70 ebp=0x00a8ffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8235c7a8 Pid: 1208 Tid: 1288 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x820ee7e8 'svchost.exe' Attached Process: 0x820ee7e8 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffde000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x82042948 Pid: 1124 Tid: 1728 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrUserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffa3000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe206e298 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x7e4191c6 ecx=0xffffffff edx=0x000000e8 esi=0x0193ff98 edi=0x7730218c eip=0x7c90e514 esp=0x0193ff30 ebp=0x0193ff4c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f7dda0 Pid: 1124 Tid: 540 Tags: Created: 2012-06-29 14:17:10 Exited: 2012-06-29 14:17:20 Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED Eip: 0x7c90e514 eax=0x46b6fdb9 ebx=0x00000001 ecx=0x7c910228 edx=0x7c90e920 esi=0x0000036c edi=0x00000000 eip=0x7c90e514 esp=0x00ffff18 ebp=0x00ffff7c err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8204dda0 Pid: 604 Tid: 700 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8240d020 'csrss.exe' Attached Process: 0x8240d020 'csrss.exe' State: Waiting:WrUserRequest BasePriority: 0xd Priority: 0xf TEB: 0x7ffd8000 StartAddress: 0x75b67cdf ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1956458 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000001 ecx=0x00000002 edx=0x00000003 esi=0x00164a40 edi=0x00000005 eip=0x7c90e514 esp=0x0072ffe4 ebp=0x00000000 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00003202 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8205e7b8 Pid: 1124 Tid: 1444 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff70000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe2255008 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0011ec20 ebx=0x00000000 ecx=0x7c82ff9a edx=0x7ff70000 esi=0x000cf988 edi=0x00154ff8 eip=0x7c90e514 esp=0x02e2fe18 ebp=0x02e2ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x2f50023 es=0x7c910023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8210fda0 Pid: 1956 Tid: 1960 Tags: Created: 2012-06-29 14:16:56 Exited: - Owning Process: 0x81f2d308 'rundll32.exe' Attached Process: 0x81f2d308 'rundll32.exe' State: Waiting:WrUserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffde000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1d23008 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x4ffb1340 ecx=0x0009bd18 edx=0x0007f820 esi=0x0007fefc edi=0x7e4191c6 eip=0x7c90e514 esp=0x0007fe64 ebp=0x0007fe80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f2e7c0 Pid: 980 Tid: 1904 Tags: Created: 2012-06-29 14:16:55 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000000 ebx=0x00000000 ecx=0x00baf34c edx=0x7c90e514 esi=0x0009bd78 edi=0x000c0740 eip=0x7c90e514 esp=0x00bafe18 ebp=0x00baff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820ea2a0 Pid: 904 Tid: 908 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820eaaf0 'vmacthlp.exe' Attached Process: 0x820eaaf0 'vmacthlp.exe' State: Waiting:Executive BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdf000 StartAddress: 0x7c810705 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe196c008 CrossThreadFlags: ------ ETHREAD: 0x01f4c1a8 Pid: 4 Tid: 432 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81f78020 Pid: 684 Tid: 972 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x823adbf0 'winlogon.exe' Attached Process: 0x823adbf0 'winlogon.exe' State: Waiting:WrLpcReceive BasePriority: 0xd Priority: 0xe TEB: 0x7ffd6000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000204 ebx=0x00000000 ecx=0x769c1d18 edx=0x00830003 esi=0x000869b8 edi=0x0008c510 eip=0x7c90e514 esp=0x00c2fe18 ebp=0x00c2ff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x023964b0 Pid: 4 Tid: 1580 Tags: ScannerOnly,SystemThread Created: 2012-06-29 14:17:46 Exited: 2012-06-29 14:17:46 Owning Process: 0x825c87f8 'System' Attached Process: 0x825c87f8 'System' State: Terminated BasePriority: 0x8 Priority: 0x10 TEB: 0x00000000 StartAddress: 0xf83e9b85 NDIS.sys ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: PS_CROSS_THREAD_FLAGS_TERMINATED|PS_CROSS_THREAD_FLAGS_SYSTEM f83e9b85: 8bff MOV EDI, EDI f83e9b87: 55 PUSH EBP f83e9b88: 8bec MOV EBP, ESP f83e9b8a: 8b4508 MOV EAX, [EBP+0x8] f83e9b8d: 56 PUSH ESI f83e9b8e: 33f6 XOR ESI, ESI f83e9b90: 3bc6 CMP EAX, ESI f83e9b92: 57 PUSH EDI f83e9b93: 0f84b26f0000 JZ 0xf83f0b4b f83e9b99: 8bf0 MOV ESI, EAX ------ ETHREAD: 0x81df4da0 Pid: 1736 Tid: 276 Tags: Created: 2012-06-29 14:17:23 Exited: - Owning Process: 0x8206f758 'spoolsv.exe' Attached Process: 0x8206f758 'spoolsv.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffd4000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x75bb29db ebx=0x00000000 ecx=0x00abf1a8 edx=0x00abef70 esi=0x00000000 edi=0x00eefe48 eip=0x7c90e514 esp=0x00eefe18 ebp=0x00eefe70 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000206 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823bc020 Pid: 980 Tid: 1008 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x820ec650 'svchost.exe' Attached Process: 0x820ec650 'svchost.exe' State: Waiting:DelayExecution BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00a7f53c ebx=0x000995f4 ecx=0x00a7f51c edx=0x7c90e514 esi=0x000ae3e0 edi=0x7c9010e0 eip=0x7c90e514 esp=0x00a7ff70 ebp=0x00a7ff88 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000286 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823807e0 Pid: 1124 Tid: 1360 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ffd5000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00f9ffb0 ebx=0x00f9fed0 ecx=0x00f9ff98 edx=0x7c90e514 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x00f9fea8 ebp=0x00f9ff44 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x81f26550 Pid: 740 Tid: 772 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x8206fa70 'lsass.exe' Attached Process: 0x8206fa70 'lsass.exe' State: Waiting:WrLpcReceive BasePriority: 0x9 Priority: 0xa TEB: 0x7ffd9000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x00000263 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: ------ ETHREAD: 0x81f399f8 Pid: 916 Tid: 944 Tags: Created: 2012-06-29 14:16:52 Exited: - Owning Process: 0x82114020 'svchost.exe' Attached Process: 0x82114020 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffdb000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x00000000 ecx=0x0000000a edx=0x00000000 esi=0x00000000 edi=0x00000001 eip=0x7c90e514 esp=0x009ffcec ebp=0x009fffb4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x8205f7e8 Pid: 1124 Tid: 404 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrLpcReceive BasePriority: 0x8 Priority: 0xa TEB: 0x7ff6c000 StartAddress: 0x7c8106f9 Win32StartAddress: 0x00001671 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe22776b0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x00000001 ebx=0x00000000 ecx=0x0240f880 edx=0x0240f938 esi=0x000fd238 edi=0x00000100 eip=0x7c90e514 esp=0x030bfe18 ebp=0x030bff80 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x820eb7f0 Pid: 1168 Tid: 1252 Tags: Created: 2012-06-29 14:16:53 Exited: - Owning Process: 0x823bd2b0 'svchost.exe' Attached Process: 0x823bd2b0 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0xa TEB: 0x7ffda000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x767744b7 ebx=0x00000000 ecx=0xffffffff edx=0x7c90f668 esi=0x000000c8 edi=0x00000000 eip=0x7c90e514 esp=0x006fff0c ebp=0x006fff70 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000297 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824fcda0 Pid: 1124 Tid: 332 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ffaf000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f325c0 CrossThreadFlags: Eip: 0x7c90e514 eax=0x000000c0 ebx=0x0144fcf0 ecx=0x01d32980 edx=0x7c90e514 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0144fcc8 ebp=0x0144fd64 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x823a57e8 Pid: 1124 Tid: 400 Tags: Created: 2012-06-29 14:17:10 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x9 TEB: 0x7ff9c000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x01d7fe04 ebx=0x01d7fe80 ecx=0x000003e8 edx=0x00000000 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x01d7fe58 ebp=0x01d7fef4 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x82450620 Pid: 1124 Tid: 1352 Tags: Created: 2012-06-29 14:17:46 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:UserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff82000 StartAddress: 0x7c8106f9 ServiceTable: 0x805530a0 [0] 0x80501b8c [1] - [2] - [3] - Win32Thread: 0x00000000 CrossThreadFlags: Eip: 0x7c90e514 eax=0x74f0742e ebx=0x0287fed4 ecx=0x00000000 edx=0x662b8664 esi=0x00000000 edi=0x7ffdf000 eip=0x7c90e514 esp=0x0287feac ebp=0x0287ff48 err=0x00000000 cs=0x1b ss=0x23 ds=0x23 es=0x23 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000 ------ ETHREAD: 0x824fa928 Pid: 1124 Tid: 1296 Tags: Created: 2012-06-29 14:17:19 Exited: - Owning Process: 0x8204b668 'svchost.exe' Attached Process: 0x8204b668 'svchost.exe' State: Waiting:WrUserRequest BasePriority: 0x8 Priority: 0x8 TEB: 0x7ff6e000 StartAddress: 0x7c8106f9 ServiceTable: 0x80553060 [0] 0x80501b8c [1] 0xbf99d900 [2] - [3] - Win32Thread: 0xe1f50a20 CrossThreadFlags: Eip: 0x7c90e514 eax=0x0013de20 ebx=0x00010114 ecx=0x00152808 edx=0x00000000 esi=0x02eaff54 edi=0x00000000 eip=0x7c90e514 esp=0x02eaff14 ebp=0x02eaff30 err=0x00000000 cs=0x1b ss=0x23 ds=0x90023 es=0x90023 gs=0x00 efl=0x00000246 dr0=0x00000000 dr1=0x00000000 dr2=0x00000000 dr3=0x00000000 dr6=0x00000000 dr7=0x00000000