Another thing I forgot to tell you: I cannot remove MSN itself... I tried it in safe mode too and it still wouldn't delete.
Here is the rkr.txt file:
Here is the GMER file:
GMER 1.0.12.12010 - http://www.gmer.net
Rootkit scan 2006-11-26 23:05:35
Windows 5.1.2600 Service Pack 2
.text C:\Program Files\Common Files\AOL\1160012957\ee\aolsoftware.exe[2156] GDI32.dll!Escape 77F26926 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[2276] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[2276] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[2276] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[2276] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[2276] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[2276] GDI32.dll!Escape 77F26926 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[2276] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[2276] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2340] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2340] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2340] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2340] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2340] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2340] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2340] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2340] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2340] GDI32.dll!Escape 77F26926 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2344] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2344] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2344] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2344] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2344] GDI32.dll!Escape 77F26926 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2344] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2344] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2384] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2384] USER32.dll!DispatchMessageA 77D496B8 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2384] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 13, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2384] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 0F, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2384] GDI32.dll!Escape 77F26926 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2416] GDI32.dll!Escape 77F26926 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2500] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2500] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2500] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2500] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2500] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2500] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2500] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2500] GDI32.dll!Escape 77F26926 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\CTSVCCDA.EXE[2796] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTSVCCDA.EXE[2796] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\CTSVCCDA.EXE[2796] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\CTSVCCDA.EXE[2796] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\CTSVCCDA.EXE[2796] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\CTSVCCDA.EXE[2796] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\system32\CTSVCCDA.EXE[2796] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\CTSVCCDA.EXE[2796] GDI32.dll!Escape 77F26926 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\ehome\ehrecvr.exe[2840] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehrecvr.exe[2840] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\ehome\ehrecvr.exe[2840] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\ehome\ehrecvr.exe[2840] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\ehome\ehrecvr.exe[2840] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\ehome\ehrecvr.exe[2840] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 19, 5F ]
.text C:\WINDOWS\ehome\ehrecvr.exe[2840] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\ehome\ehrecvr.exe[2840] GDI32.dll!Escape 77F26926 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\ehome\ehSched.exe[2892] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehSched.exe[2892] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\ehome\ehSched.exe[2892] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\ehome\ehSched.exe[2892] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\ehome\ehSched.exe[2892] kernel32.dll!CreateProcessA 7C802367 6 Bytes