Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please help, I can't view the internet.

Re: Please help, I can't view the internet.

Post by gernodeb » October 7th, 2008, 11:09 pm

Logfile of random's system information tool 1.04 (written by random/random)
Run by Gerald Madrigal at 2008-10-07 20:00:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (30%) free of 114 GB
Total RAM: 502 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:30, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gerald Madrigal\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Gerald Madrigal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 16464 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Registration reminder 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-14 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-30 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-27 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-27 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-27 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-08-24 36640]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344]
"CFSServ.exe"=CFSServ.exe -NoClient []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-13 68856]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Gerald Madrigal\Start Menu\Programs\Startup
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Picasa2\Picasa2.exe"="C:\Program Files\Picasa2\Picasa2.exe:*:Enabled:Picasa2"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe:*:Disabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe:*:Disabled: "
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk"
"C:\WINDOWS\system32\g7dccoms.exe"="C:\WINDOWS\system32\g7dccoms.exe:*:Disabled:VersaJette Communications System"
"C:\Program Files\VersaJette M300-V08\g7dcamon.exe"="C:\Program Files\VersaJette M300-V08\g7dcamon.exe:*:Disabled:VersaJette Device Monitor"
"C:\Program Files\VersaJette M300-V08\App4R.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Disabled:VersaJette Imaging Studio"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VersaJette M300-V08\app4r.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Enabled:Printing Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92fcabe3-1974-11dd-a701-001302d298a8}]
shell\AutoRun\command - E:\wdsync.exe


======List of files/folders created in the last 1 months======

2008-10-07 20:00:40 ----D---- C:\rsit
2008-10-07 19:12:21 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Malwarebytes
2008-10-07 19:12:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 19:12:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 09:46:30 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\McAfee
2008-10-01 02:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-10-01 02:53:44 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\PC Tools
2008-09-30 19:04:42 ----D---- C:\Program Files\RegCure
2008-09-29 05:02:42 ----D---- C:\Program Files\Trend Micro
2008-09-28 19:38:38 ----D---- C:\Program Files\Spyware Doctor
2008-09-17 11:37:32 ----A---- C:\WINDOWS\jestertb.dll
2008-09-09 23:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 23:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 19:48:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-09 19:48:19 ----D---- C:\Program Files\iPod
2008-09-09 19:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:48:08 ----D---- C:\Program Files\iTunes
2008-09-09 19:47:27 ----D---- C:\Program Files\Bonjour
2008-09-09 19:41:38 ----D---- C:\Program Files\Apple Software Update
2008-09-09 19:39:53 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2008-10-07 20:01:00 ----D---- C:\WINDOWS\Temp
2008-10-07 20:00:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 20:00:24 ----D---- C:\WINDOWS\Prefetch
2008-10-07 19:54:29 ----D---- C:\WINDOWS
2008-10-07 19:52:10 ----D---- C:\WINDOWS\Registration
2008-10-07 19:48:24 ----AD---- C:\WINDOWS\system32\drivers
2008-10-07 19:48:17 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-10-07 19:47:20 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 19:45:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 19:12:05 ----D---- C:\Program Files
2008-10-07 14:58:06 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #4.txt
2008-10-07 14:05:57 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-07 12:27:07 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #3.txt
2008-10-07 09:45:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-06 13:50:43 ----D---- C:\Program Files\McAfee
2008-10-06 12:40:12 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem.txt
2008-10-06 11:49:23 ----HD---- C:\WINDOWS\inf
2008-10-06 11:48:49 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\SiteAdvisor
2008-10-06 11:48:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 02:56:26 ----AD---- C:\WINDOWS\system32
2008-09-30 19:41:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-30 19:11:13 ----D---- C:\WINDOWS\system32\config
2008-09-30 19:10:43 ----D---- C:\WINDOWS\system32\wbem
2008-09-30 19:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 19:10:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-29 12:34:42 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #2.txt
2008-09-29 05:17:08 ----SD---- C:\WINDOWS\Tasks
2008-09-27 18:49:48 ----SD---- C:\Documents and Settings\Gerald Madrigal\Application Data\Microsoft
2008-09-25 16:56:24 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Vso
2008-09-25 11:55:25 ----D---- C:\Program Files\DVDFab 5
2008-09-16 05:22:53 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-15 04:20:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-10 04:00:59 ----HD---- C:\Config.Msi
2008-09-09 23:44:16 ----D---- C:\WINDOWS\WinSxS
2008-09-09 23:43:44 ----A---- C:\WINDOWS\imsins.BAK
2008-09-09 19:49:31 ----SHD---- C:\WINDOWS\Installer
2008-09-09 19:48:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-09 19:47:00 ----D---- C:\Program Files\QuickTime
2008-09-09 19:46:05 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-15 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-21 47360]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-22 1079176]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-14 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-30 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-27 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-27 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-27 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-08-24 36640]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344]
"CFSServ.exe"=CFSServ.exe -NoClient []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-13 68856]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Gerald Madrigal\Start Menu\Programs\Startup
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Picasa2\Picasa2.exe"="C:\Program Files\Picasa2\Picasa2.exe:*:Enabled:Picasa2"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe:*:Disabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe:*:Disabled: "
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk"
"C:\WINDOWS\system32\g7dccoms.exe"="C:\WINDOWS\system32\g7dccoms.exe:*:Disabled:VersaJette Communications System"
"C:\Program Files\VersaJette M300-V08\g7dcamon.exe"="C:\Program Files\VersaJette M300-V08\g7dcamon.exe:*:Disabled:VersaJette Device Monitor"
"C:\Program Files\VersaJette M300-V08\App4R.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Disabled:VersaJette Imaging Studio"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VersaJette M300-V08\app4r.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Enabled:Printing Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92fcabe3-1974-11dd-a701-001302d298a8}]
shell\AutoRun\command - E:\wdsync.exe


======List of files/folders created in the last 1 months======

2008-10-07 20:00:40 ----D---- C:\rsit
2008-10-07 19:12:21 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Malwarebytes
2008-10-07 19:12:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 19:12:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 09:46:30 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\McAfee
2008-10-01 02:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-10-01 02:53:44 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\PC Tools
2008-09-30 19:04:42 ----D---- C:\Program Files\RegCure
2008-09-29 05:02:42 ----D---- C:\Program Files\Trend Micro
2008-09-28 19:38:38 ----D---- C:\Program Files\Spyware Doctor
2008-09-17 11:37:32 ----A---- C:\WINDOWS\jestertb.dll
2008-09-09 23:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 23:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 19:48:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-09 19:48:19 ----D---- C:\Program Files\iPod
2008-09-09 19:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:48:08 ----D---- C:\Program Files\iTunes
2008-09-09 19:47:27 ----D---- C:\Program Files\Bonjour
2008-09-09 19:41:38 ----D---- C:\Program Files\Apple Software Update
2008-09-09 19:39:53 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2008-10-07 20:01:00 ----D---- C:\WINDOWS\Temp
2008-10-07 20:00:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 20:00:24 ----D---- C:\WINDOWS\Prefetch
2008-10-07 19:54:29 ----D---- C:\WINDOWS
2008-10-07 19:52:10 ----D---- C:\WINDOWS\Registration
2008-10-07 19:48:24 ----AD---- C:\WINDOWS\system32\drivers
2008-10-07 19:48:17 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-10-07 19:47:20 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 19:45:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 19:12:05 ----D---- C:\Program Files
2008-10-07 14:58:06 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #4.txt
2008-10-07 14:05:57 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-07 12:27:07 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #3.txt
2008-10-07 09:45:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-06 13:50:43 ----D---- C:\Program Files\McAfee
2008-10-06 12:40:12 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem.txt
2008-10-06 11:49:23 ----HD---- C:\WINDOWS\inf
2008-10-06 11:48:49 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\SiteAdvisor
2008-10-06 11:48:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 02:56:26 ----AD---- C:\WINDOWS\system32
2008-09-30 19:41:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-30 19:11:13 ----D---- C:\WINDOWS\system32\config
2008-09-30 19:10:43 ----D---- C:\WINDOWS\system32\wbem
2008-09-30 19:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 19:10:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-29 12:34:42 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #2.txt
2008-09-29 05:17:08 ----SD---- C:\WINDOWS\Tasks
2008-09-27 18:49:48 ----SD---- C:\Documents and Settings\Gerald Madrigal\Application Data\Microsoft
2008-09-25 16:56:24 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Vso
2008-09-25 11:55:25 ----D---- C:\Program Files\DVDFab 5
2008-09-16 05:22:53 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-15 04:20:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-10 04:00:59 ----HD---- C:\Config.Msi
2008-09-09 23:44:16 ----D---- C:\WINDOWS\WinSxS
2008-09-09 23:43:44 ----A---- C:\WINDOWS\imsins.BAK
2008-09-09 19:49:31 ----SHD---- C:\WINDOWS\Installer
2008-09-09 19:48:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-09 19:47:00 ----D---- C:\Program Files\QuickTime
2008-09-09 19:46:05 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-15 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-21 47360]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-22 1079176]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gerald Madrigal\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Gerald Madrigal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 16464 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Registration reminder 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-14 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-30 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-27 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-27 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-27 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-08-24 36640]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344]
"CFSServ.exe"=CFSServ.exe -NoClient []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-13 68856]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Gerald Madrigal\Start Menu\Programs\Startup
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Picasa2\Picasa2.exe"="C:\Program Files\Picasa2\Picasa2.exe:*:Enabled:Picasa2"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe:*:Disabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe:*:Disabled: "
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk"
"C:\WINDOWS\system32\g7dccoms.exe"="C:\WINDOWS\system32\g7dccoms.exe:*:Disabled:VersaJette Communications System"
"C:\Program Files\VersaJette M300-V08\g7dcamon.exe"="C:\Program Files\VersaJette M300-V08\g7dcamon.exe:*:Disabled:VersaJette Device Monitor"
"C:\Program Files\VersaJette M300-V08\App4R.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Disabled:VersaJette Imaging Studio"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VersaJette M300-V08\app4r.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Enabled:Printing Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92fcabe3-1974-11dd-a701-001302d298a8}]
shell\AutoRun\command - E:\wdsync.exe


======List of files/folders created in the last 1 months======

2008-10-07 20:00:40 ----D---- C:\rsit
2008-10-07 19:12:21 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Malwarebytes
2008-10-07 19:12:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 19:12:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 09:46:30 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\McAfee
2008-10-01 02:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-10-01 02:53:44 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\PC Tools
2008-09-30 19:04:42 ----D---- C:\Program Files\RegCure
2008-09-29 05:02:42 ----D---- C:\Program Files\Trend Micro
2008-09-28 19:38:38 ----D---- C:\Program Files\Spyware Doctor
2008-09-17 11:37:32 ----A---- C:\WINDOWS\jestertb.dll
2008-09-09 23:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 23:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 19:48:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-09 19:48:19 ----D---- C:\Program Files\iPod
2008-09-09 19:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:48:08 ----D---- C:\Program Files\iTunes
2008-09-09 19:47:27 ----D---- C:\Program Files\Bonjour
2008-09-09 19:41:38 ----D---- C:\Program Files\Apple Software Update
2008-09-09 19:39:53 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2008-10-07 20:01:00 ----D---- C:\WINDOWS\Temp
2008-10-07 20:00:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 20:00:24 ----D---- C:\WINDOWS\Prefetch
2008-10-07 19:54:29 ----D---- C:\WINDOWS
2008-10-07 19:52:10 ----D---- C:\WINDOWS\Registration
2008-10-07 19:48:24 ----AD---- C:\WINDOWS\system32\drivers
2008-10-07 19:48:17 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-10-07 19:47:20 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 19:45:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 19:12:05 ----D---- C:\Program Files
2008-10-07 14:58:06 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #4.txt
2008-10-07 14:05:57 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-07 12:27:07 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #3.txt
2008-10-07 09:45:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-06 13:50:43 ----D---- C:\Program Files\McAfee
2008-10-06 12:40:12 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem.txt
2008-10-06 11:49:23 ----HD---- C:\WINDOWS\inf
2008-10-06 11:48:49 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\SiteAdvisor
2008-10-06 11:48:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 02:56:26 ----AD---- C:\WINDOWS\system32
2008-09-30 19:41:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-30 19:11:13 ----D---- C:\WINDOWS\system32\config
2008-09-30 19:10:43 ----D---- C:\WINDOWS\system32\wbem
2008-09-30 19:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 19:10:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-29 12:34:42 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #2.txt
2008-09-29 05:17:08 ----SD---- C:\WINDOWS\Tasks
2008-09-27 18:49:48 ----SD---- C:\Documents and Settings\Gerald Madrigal\Application Data\Microsoft
2008-09-25 16:56:24 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Vso
2008-09-25 11:55:25 ----D---- C:\Program Files\DVDFab 5
2008-09-16 05:22:53 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-15 04:20:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-10 04:00:59 ----HD---- C:\Config.Msi
2008-09-09 23:44:16 ----D---- C:\WINDOWS\WinSxS
2008-09-09 23:43:44 ----A---- C:\WINDOWS\imsins.BAK
2008-09-09 19:49:31 ----SHD---- C:\WINDOWS\Installer
2008-09-09 19:48:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-09 19:47:00 ----D---- C:\Program Files\QuickTime
2008-09-09 19:46:05 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-15 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-21 47360]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-22 1079176]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-10-07 20:01:41

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{3B55590C-8A9B-4BD6-B489-744B63026A2A}
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4X UltraSaver-->MsiExec.exe /I{343F5741-ADF3-4594-9FF2-CB9314E3FB9C}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audible Download Manager-->C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall
Ben Hogan The Swing Revealed-->MsiExec.exe /I{DA105E14-8C0F-4C49-9B24-FAC7DD37BCC3}
Blasterball 2 Revolution-->"C:\Program Files\Toshiba Games\Blasterball 2 Revolution\Uninstall.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Chessmaster Challenge-->C:\Program Files\Chessmaster Challenge\uninstall.exe
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0-->"C:\Program Files\DVDFab 5\unins000.exe"
DVDFab Platinum 4.1.2.0-->"C:\Program Files\DVDFab Platinum 4\unins000.exe"
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Metamail (Toshiba Registration Utility)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\setup.exe" -l0x9
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobile Broadband Drivers-->MsiExec.exe /X{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Polar Golfer-->"C:\Program Files\Toshiba Games\Polar Golfer\Uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Reasonable NoClone 2007 Home-->MsiExec.exe /I{E51AD7C9-208B-413B-A4ED-A170635198F5}
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
SCRABBLE-->"C:\Program Files\Toshiba Games\SCRABBLE\Uninstall.exe"
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Game Console-->"C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA TV Tuner 4.0.12.73-->C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~2\UNINST~1.EXE
Yahoo! Search Suggest Add-on for IE7-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

Malwarebytes' Anti-Malware 1.28
Database version: 1241
Windows 5.1.2600 Service Pack 3

10/7/2008 7:40:14 PM
mbam-log-2008-10-07 (19-40-14).txt

Scan type: Quick Scan
Objects scanned: 60555
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Favorites\Free MP3 Search.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Start Menu\Free MP3 Search.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Favorites\Free Porn.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Favorites\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Start Menu\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Favorites\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Start Menu\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.



I am feeling very hopeful here.

gernodeb
Regular Member
 
Posts: 16
Joined: September 29th, 2008, 7:32 am

Re: Please help, I can't view the internet.

Post by gernodeb » October 7th, 2008, 11:09 pm

Logfile of random's system information tool 1.04 (written by random/random)
Run by Gerald Madrigal at 2008-10-07 20:00:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (30%) free of 114 GB
Total RAM: 502 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:30, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gerald Madrigal\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Gerald Madrigal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 16464 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Registration reminder 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-14 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-30 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-27 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-27 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-27 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-08-24 36640]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344]
"CFSServ.exe"=CFSServ.exe -NoClient []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-13 68856]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Gerald Madrigal\Start Menu\Programs\Startup
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Picasa2\Picasa2.exe"="C:\Program Files\Picasa2\Picasa2.exe:*:Enabled:Picasa2"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe:*:Disabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe:*:Disabled: "
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk"
"C:\WINDOWS\system32\g7dccoms.exe"="C:\WINDOWS\system32\g7dccoms.exe:*:Disabled:VersaJette Communications System"
"C:\Program Files\VersaJette M300-V08\g7dcamon.exe"="C:\Program Files\VersaJette M300-V08\g7dcamon.exe:*:Disabled:VersaJette Device Monitor"
"C:\Program Files\VersaJette M300-V08\App4R.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Disabled:VersaJette Imaging Studio"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VersaJette M300-V08\app4r.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Enabled:Printing Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92fcabe3-1974-11dd-a701-001302d298a8}]
shell\AutoRun\command - E:\wdsync.exe


======List of files/folders created in the last 1 months======

2008-10-07 20:00:40 ----D---- C:\rsit
2008-10-07 19:12:21 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Malwarebytes
2008-10-07 19:12:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 19:12:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 09:46:30 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\McAfee
2008-10-01 02:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-10-01 02:53:44 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\PC Tools
2008-09-30 19:04:42 ----D---- C:\Program Files\RegCure
2008-09-29 05:02:42 ----D---- C:\Program Files\Trend Micro
2008-09-28 19:38:38 ----D---- C:\Program Files\Spyware Doctor
2008-09-17 11:37:32 ----A---- C:\WINDOWS\jestertb.dll
2008-09-09 23:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 23:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 19:48:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-09 19:48:19 ----D---- C:\Program Files\iPod
2008-09-09 19:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:48:08 ----D---- C:\Program Files\iTunes
2008-09-09 19:47:27 ----D---- C:\Program Files\Bonjour
2008-09-09 19:41:38 ----D---- C:\Program Files\Apple Software Update
2008-09-09 19:39:53 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2008-10-07 20:01:00 ----D---- C:\WINDOWS\Temp
2008-10-07 20:00:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 20:00:24 ----D---- C:\WINDOWS\Prefetch
2008-10-07 19:54:29 ----D---- C:\WINDOWS
2008-10-07 19:52:10 ----D---- C:\WINDOWS\Registration
2008-10-07 19:48:24 ----AD---- C:\WINDOWS\system32\drivers
2008-10-07 19:48:17 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-10-07 19:47:20 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 19:45:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 19:12:05 ----D---- C:\Program Files
2008-10-07 14:58:06 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #4.txt
2008-10-07 14:05:57 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-07 12:27:07 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #3.txt
2008-10-07 09:45:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-06 13:50:43 ----D---- C:\Program Files\McAfee
2008-10-06 12:40:12 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem.txt
2008-10-06 11:49:23 ----HD---- C:\WINDOWS\inf
2008-10-06 11:48:49 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\SiteAdvisor
2008-10-06 11:48:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 02:56:26 ----AD---- C:\WINDOWS\system32
2008-09-30 19:41:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-30 19:11:13 ----D---- C:\WINDOWS\system32\config
2008-09-30 19:10:43 ----D---- C:\WINDOWS\system32\wbem
2008-09-30 19:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 19:10:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-29 12:34:42 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #2.txt
2008-09-29 05:17:08 ----SD---- C:\WINDOWS\Tasks
2008-09-27 18:49:48 ----SD---- C:\Documents and Settings\Gerald Madrigal\Application Data\Microsoft
2008-09-25 16:56:24 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Vso
2008-09-25 11:55:25 ----D---- C:\Program Files\DVDFab 5
2008-09-16 05:22:53 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-15 04:20:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-10 04:00:59 ----HD---- C:\Config.Msi
2008-09-09 23:44:16 ----D---- C:\WINDOWS\WinSxS
2008-09-09 23:43:44 ----A---- C:\WINDOWS\imsins.BAK
2008-09-09 19:49:31 ----SHD---- C:\WINDOWS\Installer
2008-09-09 19:48:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-09 19:47:00 ----D---- C:\Program Files\QuickTime
2008-09-09 19:46:05 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-15 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-21 47360]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-22 1079176]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Gerald Madrigal at 2008-10-07 20:00:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (30%) free of 114 GB
Total RAM: 502 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:30, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gerald Madrigal\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Gerald Madrigal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 16464 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Registration reminder 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-14 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-30 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-27 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-27 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-27 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-08-24 36640]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344]
"CFSServ.exe"=CFSServ.exe -NoClient []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-13 68856]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Gerald Madrigal\Start Menu\Programs\Startup
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Picasa2\Picasa2.exe"="C:\Program Files\Picasa2\Picasa2.exe:*:Enabled:Picasa2"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe:*:Disabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe:*:Disabled: "
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk"
"C:\WINDOWS\system32\g7dccoms.exe"="C:\WINDOWS\system32\g7dccoms.exe:*:Disabled:VersaJette Communications System"
"C:\Program Files\VersaJette M300-V08\g7dcamon.exe"="C:\Program Files\VersaJette M300-V08\g7dcamon.exe:*:Disabled:VersaJette Device Monitor"
"C:\Program Files\VersaJette M300-V08\App4R.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Disabled:VersaJette Imaging Studio"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VersaJette M300-V08\app4r.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Enabled:Printing Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92fcabe3-1974-11dd-a701-001302d298a8}]
shell\AutoRun\command - E:\wdsync.exe


======List of files/folders created in the last 1 months======

2008-10-07 20:00:40 ----D---- C:\rsit
2008-10-07 19:12:21 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Malwarebytes
2008-10-07 19:12:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 19:12:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 09:46:30 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\McAfee
2008-10-01 02:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-10-01 02:53:44 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\PC Tools
2008-09-30 19:04:42 ----D---- C:\Program Files\RegCure
2008-09-29 05:02:42 ----D---- C:\Program Files\Trend Micro
2008-09-28 19:38:38 ----D---- C:\Program Files\Spyware Doctor
2008-09-17 11:37:32 ----A---- C:\WINDOWS\jestertb.dll
2008-09-09 23:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 23:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 19:48:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-09 19:48:19 ----D---- C:\Program Files\iPod
2008-09-09 19:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:48:08 ----D---- C:\Program Files\iTunes
2008-09-09 19:47:27 ----D---- C:\Program Files\Bonjour
2008-09-09 19:41:38 ----D---- C:\Program Files\Apple Software Update
2008-09-09 19:39:53 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2008-10-07 20:01:00 ----D---- C:\WINDOWS\Temp
2008-10-07 20:00:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 20:00:24 ----D---- C:\WINDOWS\Prefetch
2008-10-07 19:54:29 ----D---- C:\WINDOWS
2008-10-07 19:52:10 ----D---- C:\WINDOWS\Registration
2008-10-07 19:48:24 ----AD---- C:\WINDOWS\system32\drivers
2008-10-07 19:48:17 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-10-07 19:47:20 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 19:45:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 19:12:05 ----D---- C:\Program Files
2008-10-07 14:58:06 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #4.txt
2008-10-07 14:05:57 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-07 12:27:07 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #3.txt
2008-10-07 09:45:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-06 13:50:43 ----D---- C:\Program Files\McAfee
2008-10-06 12:40:12 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem.txt
2008-10-06 11:49:23 ----HD---- C:\WINDOWS\inf
2008-10-06 11:48:49 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\SiteAdvisor
2008-10-06 11:48:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 02:56:26 ----AD---- C:\WINDOWS\system32
2008-09-30 19:41:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-30 19:11:13 ----D---- C:\WINDOWS\system32\config
2008-09-30 19:10:43 ----D---- C:\WINDOWS\system32\wbem
2008-09-30 19:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 19:10:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-29 12:34:42 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #2.txt
2008-09-29 05:17:08 ----SD---- C:\WINDOWS\Tasks
2008-09-27 18:49:48 ----SD---- C:\Documents and Settings\Gerald Madrigal\Application Data\Microsoft
2008-09-25 16:56:24 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Vso
2008-09-25 11:55:25 ----D---- C:\Program Files\DVDFab 5
2008-09-16 05:22:53 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-15 04:20:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-10 04:00:59 ----HD---- C:\Config.Msi
2008-09-09 23:44:16 ----D---- C:\WINDOWS\WinSxS
2008-09-09 23:43:44 ----A---- C:\WINDOWS\imsins.BAK
2008-09-09 19:49:31 ----SHD---- C:\WINDOWS\Installer
2008-09-09 19:48:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-09 19:47:00 ----D---- C:\Program Files\QuickTime
2008-09-09 19:46:05 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-15 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-21 47360]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-22 1079176]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Gerald Madrigal at 2008-10-07 20:00:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (30%) free of 114 GB
Total RAM: 502 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:30, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Gerald Madrigal\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Gerald Madrigal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 16464 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Registration reminder 1.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-14 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-30 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=TFncKy.exe []
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-27 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-27 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-27 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-16 761945]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6253\SiteAdv.exe [2007-08-24 36640]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [2005-09-09 57344]
"CFSServ.exe"=CFSServ.exe -NoClient []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-13 68856]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-06-26 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Gerald Madrigal\Start Menu\Programs\Startup
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-27 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Picasa2\Picasa2.exe"="C:\Program Files\Picasa2\Picasa2.exe:*:Enabled:Picasa2"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcpswx.exe:*:Disabled: "
"C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\g7dcjswx.exe:*:Disabled: "
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Enabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk"
"C:\WINDOWS\system32\g7dccoms.exe"="C:\WINDOWS\system32\g7dccoms.exe:*:Disabled:VersaJette Communications System"
"C:\Program Files\VersaJette M300-V08\g7dcamon.exe"="C:\Program Files\VersaJette M300-V08\g7dcamon.exe:*:Disabled:VersaJette Device Monitor"
"C:\Program Files\VersaJette M300-V08\App4R.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Disabled:VersaJette Imaging Studio"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VersaJette M300-V08\app4r.exe"="C:\Program Files\VersaJette M300-V08\App4R.exe:*:Enabled:Printing Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92fcabe3-1974-11dd-a701-001302d298a8}]
shell\AutoRun\command - E:\wdsync.exe


======List of files/folders created in the last 1 months======

2008-10-07 20:00:40 ----D---- C:\rsit
2008-10-07 19:12:21 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Malwarebytes
2008-10-07 19:12:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 19:12:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 09:46:30 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\McAfee
2008-10-01 02:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-10-01 02:53:44 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\PC Tools
2008-09-30 19:04:42 ----D---- C:\Program Files\RegCure
2008-09-29 05:02:42 ----D---- C:\Program Files\Trend Micro
2008-09-28 19:38:38 ----D---- C:\Program Files\Spyware Doctor
2008-09-17 11:37:32 ----A---- C:\WINDOWS\jestertb.dll
2008-09-09 23:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 23:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 19:48:55 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-09-09 19:48:19 ----D---- C:\Program Files\iPod
2008-09-09 19:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 19:48:08 ----D---- C:\Program Files\iTunes
2008-09-09 19:47:27 ----D---- C:\Program Files\Bonjour
2008-09-09 19:41:38 ----D---- C:\Program Files\Apple Software Update
2008-09-09 19:39:53 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2008-10-07 20:01:00 ----D---- C:\WINDOWS\Temp
2008-10-07 20:00:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 20:00:24 ----D---- C:\WINDOWS\Prefetch
2008-10-07 19:54:29 ----D---- C:\WINDOWS
2008-10-07 19:52:10 ----D---- C:\WINDOWS\Registration
2008-10-07 19:48:24 ----AD---- C:\WINDOWS\system32\drivers
2008-10-07 19:48:17 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-10-07 19:47:20 ----D---- C:\WINDOWS\system32\DLA
2008-10-07 19:45:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 19:12:05 ----D---- C:\Program Files
2008-10-07 14:58:06 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #4.txt
2008-10-07 14:05:57 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-07 12:27:07 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #3.txt
2008-10-07 09:45:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-06 13:50:43 ----D---- C:\Program Files\McAfee
2008-10-06 12:40:12 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem.txt
2008-10-06 11:49:23 ----HD---- C:\WINDOWS\inf
2008-10-06 11:48:49 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\SiteAdvisor
2008-10-06 11:48:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 02:56:26 ----AD---- C:\WINDOWS\system32
2008-09-30 19:41:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-30 19:11:13 ----D---- C:\WINDOWS\system32\config
2008-09-30 19:10:43 ----D---- C:\WINDOWS\system32\wbem
2008-09-30 19:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 19:10:09 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-29 12:34:42 ----A---- C:\WINDOWS\ModemLog_Novatel Wireless Expedite EV-DO Modem #2.txt
2008-09-29 05:17:08 ----SD---- C:\WINDOWS\Tasks
2008-09-27 18:49:48 ----SD---- C:\Documents and Settings\Gerald Madrigal\Application Data\Microsoft
2008-09-25 16:56:24 ----D---- C:\Documents and Settings\Gerald Madrigal\Application Data\Vso
2008-09-25 11:55:25 ----D---- C:\Program Files\DVDFab 5
2008-09-16 05:22:53 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-15 04:20:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-10 04:00:59 ----HD---- C:\Config.Msi
2008-09-09 23:44:16 ----D---- C:\WINDOWS\WinSxS
2008-09-09 23:43:44 ----A---- C:\WINDOWS\imsins.BAK
2008-09-09 19:49:31 ----SHD---- C:\WINDOWS\Installer
2008-09-09 19:48:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-09 19:47:00 ----D---- C:\Program Files\QuickTime
2008-09-09 19:46:05 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-15 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-27 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 194048]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-21 47360]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-16 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys [2007-04-19 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwusbser.sys [2007-04-19 99200]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-09-22 1079176]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-16 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-17 138168]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-10-07 20:01:41

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{3B55590C-8A9B-4BD6-B489-744B63026A2A}
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4X UltraSaver-->MsiExec.exe /I{343F5741-ADF3-4594-9FF2-CB9314E3FB9C}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audible Download Manager-->C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup[1].exe /Uninstall
Ben Hogan The Swing Revealed-->MsiExec.exe /I{DA105E14-8C0F-4C49-9B24-FAC7DD37BCC3}
Blasterball 2 Revolution-->"C:\Program Files\Toshiba Games\Blasterball 2 Revolution\Uninstall.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Chessmaster Challenge-->C:\Program Files\Chessmaster Challenge\uninstall.exe
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0-->"C:\Program Files\DVDFab 5\unins000.exe"
DVDFab Platinum 4.1.2.0-->"C:\Program Files\DVDFab Platinum 4\unins000.exe"
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Metamail (Toshiba Registration Utility)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\setup.exe" -l0x9
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobile Broadband Drivers-->MsiExec.exe /X{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Polar Golfer-->"C:\Program Files\Toshiba Games\Polar Golfer\Uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Reasonable NoClone 2007 Home-->MsiExec.exe /I{E51AD7C9-208B-413B-A4ED-A170635198F5}
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
SCRABBLE-->"C:\Program Files\Toshiba Games\SCRABBLE\Uninstall.exe"
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Game Console-->"C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA TV Tuner 4.0.12.73-->C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~2\UNINST~1.EXE
Yahoo! Search Suggest Add-on for IE7-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

Malwarebytes' Anti-Malware 1.28
Database version: 1241
Windows 5.1.2600 Service Pack 3

10/7/2008 7:40:14 PM
mbam-log-2008-10-07 (19-40-14).txt

Scan type: Quick Scan
Objects scanned: 60555
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Favorites\Free MP3 Search.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Start Menu\Free MP3 Search.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Favorites\Free Porn.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Favorites\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Start Menu\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Favorites\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gerald Madrigal\Start Menu\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.



I am feeling very hopeful here.

gernodeb
Regular Member
 
Posts: 16
Joined: September 29th, 2008, 7:32 am

Re: Please help, I can't view the internet.

Post by gernodeb » October 7th, 2008, 11:15 pm

If I submitted this twice, I apologise, I had happy fingers.


Re: Please help, I can't view the internet.

Post by silver » October 7th, 2008, 11:45 pm

Hi gernodeb,

I think the logs were posted more than twice :lol: but it's not a problem!
Are you still getting the popups you reported earlier?

------------------------------------------------------------------------

Please open Start->Control Panel->Add/Remove Programs, and remove J2SE Runtime Environment 5.0 Update 4. This is out of date and now a security risk; you can get the latest update (version 6 update 7) from here.

You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player.
Viewpoint Media Player can be removed via Add/Remove Programs.

------------------------------------------------------------------------

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
Code:
@echo off
del /q /a /f "C:\WINDOWS\system32\xappit.dll" >> results.txt 2>>&1
dir /a "C:\WINDOWS\system32\xappit.dll" >> results.txt 2>>&1
del %0

Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop and double-click it.
A black box should open and close after a short time; this is normal.
Another text file called results.txt should appear on your Desktop. Do not open it until the black box has closed.
Post the contents of this file in your next response.

------------------------------------------------------------------------

Download Gmer to your Desktop from here:
http://www.gmer.net/gmer.zip
  • Unzip the program onto your Desktop (right-click, select Extract All... and follow the prompts)
  • Disconnect from the internet and close all running programs
  • Double click gmer.exe, let the gmer.sys driver load if asked
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, say OK
  • If there is no warning, then check that the Rootkit tab is selected and click the Scan button - don't change any settings before you do so
  • Once the scan is complete, click the Copy button
  • Open Notepad (Click Start->Run, type notepad and Enter) and hit Ctrl+V to paste the log and then save the log to your desktop

------------------------------------------------------------------------

Once complete, please post the results.txt output, the Gmer report and a new HijackThis log.
Also, let me know how your machine is running now.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Please help, I can't view the internet.

Post by gernodeb » October 8th, 2008, 8:08 am

Could Not Find C:\WINDOWS\system32\xappit.dll
Volume in drive C is SQ004126P01
Volume Serial Number is 30DD-E4C0

Directory of C:\WINDOWS\system32

File Not Found

Re: Please help, I can't view the internet.

Post by gernodeb » October 8th, 2008, 1:02 pm

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-08 09:56:39
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xAA9617A6]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xAA95E794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xAA95EF1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xAA9621F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xAA96242A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xAA96312A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xAA96283C]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xAA95DD0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xAA95D384]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA71DAB8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA71DAA2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA71D9D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA71DAE4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA71D9FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA71D930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA71D944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA71D9A8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA71DB20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA71DA8C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA71DA76]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA71DB0C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA71DAF8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA71D994]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA71D980]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA71DACE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA71D9EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA71D9BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 80515A5A 7 Bytes JMP AA71D9C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80572BFC 5 Bytes JMP AA71DA02 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8057303F 7 Bytes JMP AA71DA7A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80578A1C 7 Bytes JMP AA71DB24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E1C 7 Bytes JMP AA71DABC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8057CFC8 5 Bytes JMP AA71D984 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057DEF9 5 Bytes JMP AA71D9EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E371 7 Bytes JMP AA71D9D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 8058170A 5 Bytes JMP AA71D934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581891 7 Bytes JMP AA71D9AC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80587691 7 Bytes JMP AA71DAA6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 805E1939 5 Bytes JMP AA71D948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E218F 5 Bytes JMP AA71DAE8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 80635937 5 Bytes JMP AA71D998 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80654DAE 7 Bytes JMP AA71DAD2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 806556D4 7 Bytes JMP AA71DA90 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80656045 5 Bytes JMP AA71DAFC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 806564B0 5 Bytes JMP AA71DB10 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSMain.exe[148] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\TPSMain.exe[148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 84, 84 ]
.text C:\WINDOWS\system32\TPSMain.exe[148] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\TPSMain.exe[148] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BD, 83 ]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[156] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, CA, 84 ]
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\dla\DLACTRLW.exe[172] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 95, 84 ]
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Synaptics\SynTP\Toshiba.exe[176] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\toshiba\ivp\ism\pinger.exe[184] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\toshiba\ivp\ism\pinger.exe[184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 90, 84 ]
.text C:\toshiba\ivp\ism\pinger.exe[184] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\toshiba\ivp\ism\pinger.exe[184] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, DD, 84 ]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[200] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EF, 84 ]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[244] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 54, 84 ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[260] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, E5, 84 ]
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[276] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 82, 85 ]
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\SiteAdvisor\6253\SiteAdv.exe[328] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8E, 84 ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe[396] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 86, 85 ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe[436] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01880058
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0188001B
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01880FE5
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01880F9B
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01880000
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0188003D
.text C:\WINDOWS\Explorer.EXE[812] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 0188002C
.text C:\WINDOWS\Explorer.EXE[812] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\Explorer.EXE[812] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\Explorer.EXE[812] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01890000
.text C:\WINDOWS\Explorer.EXE[812] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01890FEF
.text C:\WINDOWS\Explorer.EXE[812] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01890FDE
.text C:\WINDOWS\Explorer.EXE[812] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 0189002F
.text C:\WINDOWS\Explorer.EXE[812] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01860000
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 53, 84 ]
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[832] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 71, 84 ]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[868] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\csrss.exe[888] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 21, 85 ]
.text C:\WINDOWS\system32\csrss.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[888] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 98, 84 ]
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01070FEF
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01070FB2
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01070FC3
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01070091
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 19, 84 ]
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01070080
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0107004A
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010700C2
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01070F7A
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010700F8
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010700E7
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01070F44
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0107005B
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01070FD4
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01070F97
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01070025
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0107000A
.text C:\WINDOWS\system32\services.exe[956] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01070F5F
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01060F9E
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01060F68
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01060FB9
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01060FD4
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01060F83
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01060FE5
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01060025
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01060014
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2F, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90F85
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F9007A
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F90069
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7E, 84 ]
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F9004E
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90FB6
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F90F4F
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F60
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900CD
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F34
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F90F0F
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F9003D
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F90FDB
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F9008B
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F90022
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F90011
.text C:\WINDOWS\system32\lsass.exe[968] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F900B2
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F80014
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F8004A
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F80FC3
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F80FD4
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F80039
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F80F8D
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 18, 89 ]
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F80FA8
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\lsass.exe[968] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F6000A
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BA, 84 ]
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[1112] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0FE5
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC0064
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0F6F
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0F80
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7E, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC003D
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0F9B
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC0089
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0F43
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC00B5
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC00A4
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DC00C6
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DC002C
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DC0F54
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DC0011
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DC0FC0
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DC0F26
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DB0FB6
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DB0F79
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DB0011
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DB0F8A
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00DB002C
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DB0FA5
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90091
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E90080
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E9006F
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, C7, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90FBC
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90FCD
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E900C9
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E900B8
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F4B
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E900DA
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E90F3A
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E9005E
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E9000A
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E90F81
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E90039
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E90FDE
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E90F66
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E8001B
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E8007D
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E80FCA
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E80062
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E80051
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E80040
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60000
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 33, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 1E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 2A, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 1B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 27, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 15, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 2D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 21, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 24, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 30, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03480000
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03480062
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03480051
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03480F77
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 54, 86 ]
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03480040
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03480FAF
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03480F37
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0348007D
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0348009A
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03480F01
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 03480EE6
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 03480F9E
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03480FE5
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 03480F52
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 03480FCA
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0348001B
.text C:\WINDOWS\System32\svchost.exe[1264] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 03480F1C
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 03460FB6
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 03460F8A
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 03460011
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 03460FE5
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 03460047
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 03460000
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0346002C
.text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 03460FA5
.text C:\WINDOWS\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\System32\svchost.exe[1264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D80FEF
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 03470000
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 03470FEF
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 03470025
.text C:\WINDOWS\System32\svchost.exe[1264] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 03470FCA
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F9, 89 ]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1328] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F0, 84 ]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1412] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 88, 84 ]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 05051EB5 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 05051E5F C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1580] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 05051E8A C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B00F74
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B00073
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B00062
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5D, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B00047
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B00FAF
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B00F4D
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B00095
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B00F06
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B00F21
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B00EEB
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B00036
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B00011
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B00084
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B00FC0
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B00FDB
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B00F3C
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00AF002F
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00AF0F72
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00AF0FD4
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00AF0F83
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00AF0F9E
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ CF, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1608] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00AF0FC3
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1608] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D2004E
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20F59
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20F80
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2E, 84 ]
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20F91
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20022
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D2007A
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20F32
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D200A6
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D20F0D
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D20EFC
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D20033
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D20011
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D2005F
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D20FB6
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D20FDB
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D20095
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D00051
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D00F9E
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D00040
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D00025
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1636] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D10FCA
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D10FB9
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D10F9E
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7C, 84 ]
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[1652] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 71, 84 ]
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[1672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7D, 84 ]
.text C:\WINDOWS\system32\TDispVol.exe[1680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\TDispVol.exe[1680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 8F, 84 ]
.text C:\WINDOWS\system32\igfxtray.exe[1688] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\igfxtray.exe[1688] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, B7, 84 ]
.text C:\WINDOWS\system32\hkcmd.exe[1700] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\hkcmd.exe[1700] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BE, 84 ]
.text C:\WINDOWS\system32\igfxpers.exe[1708] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\igfxpers.exe[1708] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, DF, 84 ]
.text C:\WINDOWS\ehome\ehtray.exe[1748] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\ehome\ehtray.exe[1748] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BB, 83 ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Documents and Settings\Gerald Madrigal\Desktop\gmer\gmer.exe[1760] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, C5, 84 ]
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1776] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F9, 84 ]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1880] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2F, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5C, 85 ]
.text C:\WINDOWS\system32\spoolsv.exe[1912] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\spoolsv.exe[1912] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7B, 84 ]
.text C:\WINDOWS\AGRSMMSG.exe[2012] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\AGRSMMSG.exe[2012] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 07, 85 ]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[2028] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 58, 84 ]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2036] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EB, 83 ]
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[2132] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BF, 84 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2224] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BE, 83 ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2296] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 71, 84 ]
.text C:\WINDOWS\system32\RAMASST.exe[2360] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\RAMASST.exe[2360] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 46, 84 ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[2372] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BB, 84 ]
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[2392] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 02, 84 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2400] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 16, 84 ]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2432] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 60, 84 ]
.text C:\WINDOWS\system32\TPSBattM.exe[2436] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\TPSBattM.exe[2436] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 5B, 84 ]
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\DVDRAMSV.exe[2536] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 1C, 84 ]
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[2560] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 4A, 84 ]
.text C:\WINDOWS\eHome\ehSched.exe[2576] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\eHome\ehSched.exe[2576] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 56, 86 ]
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\MBK\MBackMonitor.exe[2656] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 95, 84 ]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 9E, 85 ]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[2836] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2A, 89 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2A, 85 ]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[2896] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, AF, 86 ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2968] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, D4, 88 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[3208] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, B4, 85 ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[3332] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 79, 84 ]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\MSK\MskSrver.exe[3448] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, F8, 83 ]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3580] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 02, 84 ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3628] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[3708] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ 23, A1, C3, 83 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 33, 86 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3740] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3800] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD00BA
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD00A9
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0098
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 76, 84 ]
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0FDB
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0062
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0FAA
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD00E6
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F8F
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD0128
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CD0F74
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CD0073
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CD00D5
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CD0051
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CD002C
.text C:\WINDOWS\system32\svchost.exe[3800] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CD0117
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CC0FD4
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CC006C
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CC0025
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CC0051
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00CC0040
.text C:\WINDOWS\system32\svchost.exe[3800] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CC0FC3
.text C:\WINDOWS\system32\svchost.exe[3800] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[3800] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[3800] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3820] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D0002C
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00F37
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D0001B
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7A, 84 ]
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00F83
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D0006E
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D00F1C
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000A1
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D00090
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D000BC
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D00F68
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D0003D
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D00F94
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D00FB9
.text C:\WINDOWS\system32\svchost.exe[3820] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D0007F
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CF002F
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CF006C
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CF000A
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CF0FDE
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CF005B
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ EF, 88 ]
.text C:\WINDOWS\system32\svchost.exe[3820] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CF0040
.text C:\WINDOWS\system32\svchost.exe[3820] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[3820] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, B9, 83 ]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[3832] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 22, 84 ]
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe[3876] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, EE, 83 ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\ehome\mcrdsvc.exe[3928] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2D, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 18, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 24, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0C, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 12, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 15, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 21, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0F, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 27, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1B, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1E, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 2A, 5F ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00250FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00250F7A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0025006F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00250FA1
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00250FB2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0025002F
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002500CC
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002500A5
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00250F33
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00250F4E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 002500E7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00250054
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00250FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00250094
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0025001E
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00250FCD
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00250F69
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00340FA8
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00340F61
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00340FB9
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00340FD4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00340F72
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00340FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00340F8D
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 54, 88 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00340014
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00380000
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00AE0FEF
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00AE0FDE
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00AE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00AE0FAF
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, BD, 84 ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Canon\CAL\CALMAIN.exe[4068] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[4528] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\alg.exe[4528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, ED, 83 ]
.text C:\WINDOWS\System32\alg.exe[4528] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[4528] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\alg.exe[4528] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 2D, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 24, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 0C, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 12, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [ 15, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 21, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 0F, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 27, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 1B, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [ 1E, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 2A, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A00A6
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A008B
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A007A
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0069
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A003D
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00C8
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F80
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00EA
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00D9
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F2C
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0058
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A001B
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A00B7
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A002C
.text C:\WINDOWS\system32\dllhost.exe[5920] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F5B
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 002A002C
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 002A0F94
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 002A0FDB
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 002A0011
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 002A0FAF
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 002A0000
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 002A0FC0
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 4A, 88 ]
.text C:\WINDOWS\system32\dllhost.exe[5920] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 002A0047
.text C:\WINDOWS\system32\dllhost.exe[5920] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\dllhost.exe[5920] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\dllhost.exe[5920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00660000

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4048] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\dllhost.exe[5920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----
gernodeb

Re: Please help, I can't view the internet.

by gernodeb » October 8th, 2008, 1:07 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:02, on 10/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BAA0552-227B-46C1-B676-AE5AFB47D602}: NameServer = 66.174.92.14 69.78.96.14
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 16201 bytes
gernodeb
Regular Member
 
Posts: 16
Joined: September 29th, 2008, 7:32 am

Re: Please help, I can't view the internet.

Unread postby gernodeb » October 8th, 2008, 1:10 pm

OK, there were the 3 logs you asked for. Is the first one correct?
gernodeb
gernodeb
Regular Member
 
Posts: 16
Joined: September 29th, 2008, 7:32 am

Re: Please help, I can't view the internet.

Unread postby silver » October 8th, 2008, 9:34 pm

Hi gernodeb,

Yes, the logs are fine.

How is your machine running now? Are you still getting the popups you reported earlier?
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Please help, I can't view the internet.

Unread postby gernodeb » October 8th, 2008, 10:27 pm

The popups are gone; however, when I booted up last night, and again tonight, I get a message:
The system has recovered from a serious error

and then something about it is shutting down ....... NT authority system..........C/Windows system 32 sevices.exe

I wrote down as much as I could in the 30 seconds before it rebooted.

After it rebooted, it seems to be fine, except that it takes a very long time to sign on to the net, about 10 minutes. I assume that is a separate issue that could be resolved in my start list of running programs. I didn't want to do anything about that until the popup issue was resolved.
Other than that, I am very happy :cheers: Thanks again for being so patient with me.
Gernodeb
gernodeb
Regular Member
 
Posts: 16
Joined: September 29th, 2008, 7:32 am

Re: Please help, I can't view the internet.

Unread postby silver » October 8th, 2008, 10:52 pm

Hi gernodeb,

Some important final steps:

Please now delete rsit.exe, gmer.exe and any remaining logs from your Desktop, also delete this folder:
C:\rsit


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

Re-enable Spybot's TeaTimer
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Check the box labeled Resident TeaTimer and OK any prompts.
  • Use File, Exit to terminate Spybot.
  • Reboot your machine for the changes to take effect.

------------------------------------------------------------------------

If the above went well, I think your machine is now clean of malware. The error and the internet problem don't sound good, but at this stage it doesn't look to me like a malware problem, so if you would like further assistance I recommend you post in a general troubleshooting forum such as WhatTheTech or PC Pitstop.

Here are some tips to help you keep your computer clean:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule
Also, check that your antivirus and antispyware programs are set to automatically update daily.

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
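
A blocking hosts file like the one recommended in the post above works by mapping unwanted hostnames to a loopback or unspecified address, so a useful check after installing one is that every entry really is a block entry and none sends a name to a routable address. The Python below is an added example, not part of the original thread or of any tool named in it; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file maps to loopback; they are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample input, not taken from any real block list.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
0.0.0.0 ads.example.com tracker.example.net   # two names on one line
127.0.0.1  banner.example.org
203.0.113.7  login.example.com    # points at a routable address
not-an-ip  popups.example.com
0.0.0.0
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Split hosts entries into blocked names, redirects and malformed lines."""
    report = {"blocked": set(), "redirected": [], "malformed": []}
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            report["malformed"].append((line_no, address))
            continue
        if not names:  # an address with no hostname maps nothing
            report["malformed"].append((line_no, address))
            continue
        is_sink = ip.is_loopback or ip.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0, ::
        for name in names:
            if is_sink:
                if name not in LOCAL_NAMES:
                    report["blocked"].add(name)
            else:
                # Any name sent to a real address deserves a manual look,
                # including localhost itself.
                report["redirected"].append((line_no, name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names :", len(result["blocked"]))
    for line_no, name, ip in result["redirected"]:
        print(f"line {line_no}: {name} -> {ip} (not a block entry, review)")
    for line_no, token in result["malformed"]:
        print(f"line {line_no}: cannot parse entry starting with {token!r}")
```

On Windows XP the file to pass in is the `hosts` file under `%SystemRoot%\system32\drivers\etc`; read it as text and hand the contents to `audit_hosts`.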

Re: Please help, I can't view the internet.

Unread postby silver » October 11th, 2008, 11:34 pm

This topic is now closed
We are pleased to have been of assistance in getting you clean.

If you have been helped and wish to donate toward the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7